分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp02-1 | 2024-04-25 10:12:17 | 2024-04-25 10:14:30 | 133 秒 |
魔盾分数
0.498
Phishing病毒
文件详细信息
| 文件名 | 综合补贴.docx |
|---|---|
| 文件大小 | 147120 字节 |
| 文件类型 | Zip archive data, at least v1.0 to extract |
| MD5 | 5b8401a266d1ecec2446dc1cf3a5fd27 |
| SHA1 | fe60ff4963ddca97844b3eaae7fa28ff119293da |
| SHA256 | b833334c695300b8037791b801079c733c856e71c1a7edd099e54465841c1600 |
| SHA512 | db6829b4b0660b2a3e131b5218912d0a8336117ce2b960612342ff78867f7a6ef0d0b2f045a76579aa6eb456df87e87e9b044313e1fc80e30be9bf2669010686 |
| CRC32 | A50D6FBB |
| Ssdeep | 3072:dA1+gXjNQGM84Pck+atNgZlxkhKG+lILC3BRB/ol+Yj5mj:dA195ScFqNmlx4+lkC3BRB/olt5m |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息word/media/image1.png
word/media/image2.png
cHRM
0Iv{'
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.33.33.90 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.33.33.90 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 34.684 seconds )
- 13.892 BehaviorAnalysis
- 11.44 Suricata
- 9.002 NetworkAnalysis
- 0.274 TargetInfo
- 0.06 AnalysisInfo
- 0.011 Strings
- 0.003 Static
- 0.002 Memory
Signatures ( 10.272 seconds )
- 2.816 antiav_detectreg
- 1.382 proprietary_url_bl
- 0.933 infostealer_ftp
- 0.575 antianalysis_detectreg
- 0.518 infostealer_im
- 0.435 stealth_decoy_document
- 0.434 api_spamming
- 0.342 stealth_timeout
- 0.327 infostealer_mail
- 0.251 antivm_generic_scsi
- 0.204 recon_fingerprint
- 0.146 darkcomet_regkeys
- 0.145 kibex_behavior
- 0.144 antivm_parallels_keys
- 0.144 antivm_xen_keys
- 0.104 geodo_banking_trojan
- 0.1 betabot_behavior
- 0.097 antivm_generic_diskreg
- 0.088 antisandbox_productid
- 0.057 antivm_generic_services
- 0.056 anormaly_invoke_kills
- 0.051 antivm_vbox_keys
- 0.05 antivm_vmware_keys
- 0.05 packer_armadillo_regkey
- 0.048 bypass_firewall
- 0.048 antivm_xen_keys
- 0.048 antivm_hyperv_keys
- 0.048 antivm_vbox_acpi
- 0.048 proprietary_anomaly_invoke_vb_vba
- 0.047 antivm_vpc_keys
- 0.044 antivm_generic_cpu
- 0.043 antivm_generic_bios
- 0.043 antivm_generic_system
- 0.026 stealth_file
- 0.021 anomaly_persistence_autorun
- 0.02 mimics_filetime
- 0.019 antiav_detectfile
- 0.017 kovter_behavior
- 0.016 virus
- 0.015 antiemu_wine_func
- 0.015 antivm_generic_disk
- 0.015 infostealer_browser_password
- 0.013 bootkit
- 0.013 proprietary_anomaly_massive_file_ops
- 0.013 infostealer_bitcoin
- 0.009 hancitor_behavior
- 0.008 shifu_behavior
- 0.007 antivm_vbox_files
- 0.007 antiemu_wine_reg
- 0.007 proprietary_domain_bl
- 0.006 infostealer_browser
- 0.006 antidbg_windows
- 0.006 disables_browser_warn
- 0.006 network_http
- 0.005 anomaly_persistence_bootexecute
- 0.005 ransomware_extensions
- 0.005 ransomware_files
- 0.004 banker_prinimalka
- 0.004 antiav_avast_libs
- 0.004 dridex_behavior
- 0.004 injection_createremotethread
- 0.004 anomaly_reset_winsock
- 0.004 gootkit_behavior
- 0.004 creates_largekey
- 0.004 antisandbox_sunbelt_libs
- 0.004 browser_security
- 0.003 tinba_behavior
- 0.003 stack_pivot
- 0.003 antisandbox_sboxie_libs
- 0.003 antidbg_devices
- 0.003 browser_addon
- 0.003 modify_proxy
- 0.003 office_martian_children
- 0.003 network_cnc_http
- 0.002 hawkeye_behavior
- 0.002 network_tor
- 0.002 antivm_vbox_libs
- 0.002 rat_nanocore
- 0.002 proprietary_anomaly_write_exe_and_obsfucate_extension
- 0.002 rat_luminosity
- 0.002 proprietary_malicious_write_executeable_under_temp_to_regrun
- 0.002 sets_autoconfig_url
- 0.002 ipc_namedpipe
- 0.002 antiav_bitdefender_libs
- 0.002 ransomeware_modifies_desktop_wallpaper
- 0.002 cerber_behavior
- 0.002 injection_runpe
- 0.002 disables_system_restore
- 0.002 disables_windows_defender
- 0.002 proprietary_bad_drop
- 0.002 proprietary_office_downloader
- 0.002 rat_pcclient
- 0.001 proprietary_anomaly_terminated_process
- 0.001 ransomware_dmalocker
- 0.001 proprietary_anomaly_write_exe_and_dll_under_winroot_run
- 0.001 antivm_vbox_window
- 0.001 injection_explorer
- 0.001 ursnif_behavior
- 0.001 kazybot_behavior
- 0.001 dyre_behavior
- 0.001 exec_crash
- 0.001 encrypted_ioc
- 0.001 ispy_behavior
- 0.001 vawtrak_behavior
- 0.001 h1n1_behavior
- 0.001 antisandbox_script_timer
- 0.001 securityxploded_modules
- 0.001 sniffer_winpcap
- 0.001 antianalysis_detectfile
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 codelux_behavior
- 0.001 malicous_targeted_flame
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 ransomware_radamant
- 0.001 rat_spynet
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 1.554 seconds )
- 0.798 ReportHTMLSummary
- 0.756 Malheur
| Task ID | 744299 |
|---|---|
| Mongo ID | 6629bcf3dc327b93ab415c1e |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号