分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-1 | 2017-12-15 10:53:18 | 2017-12-15 10:55:45 | 147 秒 |
URL |
---|
URL专业沙箱检测 -> http://dl.urndf.com/download/%CE%A2%D0%C5_18@27440.exe |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 104.17.177.200 | 美国 | |
否 | 117.18.237.29 | 亚洲太平洋地区 | |
否 | 120.26.127.170 | 中国 | |
否 | 122.228.74.170 | 中国 | |
否 | 183.136.212.50 | 中国 | |
否 | 23.219.38.8 | 美国 | |
否 | 65.55.186.113 | 美国 | |
是 | 199.239.182.200 | 美国 |
Name: Nexperian Holding Limited Country: CN State: Zhejiang City: Hangzhou ZIP Code: 311121 Address: Le Jia International No.999 Liang Mu Road Yuhang District Orginization: Nexperian Holding Limited Domain Name(s): URNDF.COM urndf.com Creation Date: 2016-10-14 09:35:43 Updated Date: 2017-09-21 06:08:22 Expiration Date: 2018-10-14 09:35:43 Email(s): DomainAbuse@service.aliyun.com YuMing@YinSiBaoHu.AliYun.com Registrar(s): HiChina Zhicheng Technology Ltd. Name Server(s): DNS10.HICHINA.COM DNS9.HICHINA.COM Referral URL(s): None
防病毒引擎/厂商 | 网站安全分析 |
---|---|
CLEAN MX | Clean Site |
DNS8 | Clean Site |
MalwarePatrol | Clean Site |
ZDB Zeus | Clean Site |
Tencent | Clean Site |
Netcraft | Unrated Site |
desenmascara_me | Clean Site |
Dr_Web | Clean Site |
PhishLabs | Unrated Site |
Zerofox | Clean Site |
K7AntiVirus | Clean Site |
SecureBrain | Clean Site |
Virusdie External Site Scan | Clean Site |
SCUMWARE_org | Clean Site |
Quttera | Clean Site |
AegisLab WebGuard | Clean Site |
MalwareDomainList | Clean Site |
ZeusTracker | Clean Site |
zvelo | Clean Site |
Google Safebrowsing | Clean Site |
Kaspersky | Unrated Site |
BitDefender | Clean Site |
Certly | Clean Site |
G-Data | Clean Site |
C-SIRT | Clean Site |
OpenPhish | Clean Site |
Malware Domain Blocklist | Clean Site |
VX Vault | Clean Site |
Webutation | Clean Site |
Trustwave | Clean Site |
Web Security Guard | Clean Site |
CyRadar | Clean Site |
ADMINUSLabs | Clean Site |
Malwarebytes hpHosts | Clean Site |
Opera | Clean Site |
AlienVault | Clean Site |
Emsisoft | Clean Site |
Malc0de Database | Clean Site |
Phishtank | Clean Site |
Malwared | Clean Site |
Avira | Clean Site |
CyberCrime | Clean Site |
Antiy-AVL | Clean Site |
Forcepoint ThreatSeeker | Unrated Site |
FraudSense | Clean Site |
malwares_com URL checker | Clean Site |
Comodo Site Inspector | Clean Site |
Malekal | Clean Site |
ESET | Clean Site |
Sophos | Unrated Site |
Yandex Safebrowsing | Malware Site |
Spam404 | Clean Site |
Nucleon | Clean Site |
Sucuri SiteCheck | Clean Site |
Blueliv | Clean Site |
ZCloudsec | Clean Site |
AutoShun | Unrated Site |
ThreatHive | Clean Site |
FraudScore | Clean Site |
Rising | Clean Site |
URLQuery | Unrated Site |
StopBadware | Unrated Site |
Fortinet | Malware Site |
ZeroCERT | Clean Site |
Baidu-International | Clean Site |
securolytics | Clean Site |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 104.17.177.200 | 美国 | |
否 | 117.18.237.29 | 亚洲太平洋地区 | |
否 | 120.26.127.170 | 中国 | |
否 | 122.228.74.170 | 中国 | |
否 | 183.136.212.50 | 中国 | |
否 | 23.219.38.8 | 美国 | |
否 | 65.55.186.113 | 美国 | |
是 | 199.239.182.200 | 美国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49171 | 104.17.177.200 ocsp.msocsp.com | 80 |
192.168.122.201 | 49182 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.201 | 49162 | 120.26.127.170 dl.urndf.com | 80 |
192.168.122.201 | 49163 | 122.228.74.170 cl.urndf.com | 80 |
192.168.122.201 | 49169 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.201 | 49173 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.201 | 49181 | 23.219.38.8 cdn.epg.tvdownload.microsoft.com | 80 |
192.168.122.201 | 49170 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49172 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49174 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49175 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49176 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49177 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49178 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49198 | 192.168.122.1 | 53 |
192.168.122.201 | 54830 | 192.168.122.1 | 53 |
192.168.122.201 | 60313 | 192.168.122.1 | 53 |
192.168.122.201 | 60701 | 192.168.122.1 | 53 |
192.168.122.201 | 61636 | 192.168.122.1 | 53 |
192.168.122.201 | 61836 | 192.168.122.1 | 53 |
192.168.122.201 | 63248 | 192.168.122.1 | 53 |
192.168.122.201 | 64412 | 192.168.122.1 | 53 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49171 | 104.17.177.200 ocsp.msocsp.com | 80 |
192.168.122.201 | 49182 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.201 | 49162 | 120.26.127.170 dl.urndf.com | 80 |
192.168.122.201 | 49163 | 122.228.74.170 cl.urndf.com | 80 |
192.168.122.201 | 49169 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.201 | 49173 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.201 | 49181 | 23.219.38.8 cdn.epg.tvdownload.microsoft.com | 80 |
192.168.122.201 | 49170 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49172 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49174 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49175 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49176 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49177 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49178 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49198 | 192.168.122.1 | 53 |
192.168.122.201 | 54830 | 192.168.122.1 | 53 |
192.168.122.201 | 60313 | 192.168.122.1 | 53 |
192.168.122.201 | 60701 | 192.168.122.1 | 53 |
192.168.122.201 | 61636 | 192.168.122.1 | 53 |
192.168.122.201 | 61836 | 192.168.122.1 | 53 |
192.168.122.201 | 63248 | 192.168.122.1 | 53 |
192.168.122.201 | 64412 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://dl.urndf.com/download/%CE%A2%D0%C5_18@27440.exe | GET /download/%CE%A2%D0%C5_18@27440.exe HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=29&ved=0CCEQfjT2RLTVhiV3FvZVRPUU5udmZFWG9Md0VG&url=http%3A%2F%2Fdl.urndf.com%2Fdownload%2F%25CE%25A2%25D0%25C5_18%4027440.exe&ei=d0RvbXVTUEJvdGVj&usg=AFQjS3NrU3R3TFVNbWlT Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: dl.urndf.com Connection: Keep-Alive |
URL专业沙箱检测 -> http://cl.urndf.com/download/%CE%A2%D0%C5_18@27440.exe | GET /download/%CE%A2%D0%C5_18@27440.exe HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=29&ved=0CCEQfjT2RLTVhiV3FvZVRPUU5udmZFWG9Md0VG&url=http%3A%2F%2Fdl.urndf.com%2Fdownload%2F%25CE%25A2%25D0%25C5_18%4027440.exe&ei=d0RvbXVTUEJvdGVj&usg=AFQjS3NrU3R3TFVNbWlT Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: cl.urndf.com |
URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
URL专业沙箱检测 -> http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: max-age = 10800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
URL专业沙箱检测 -> http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
URL专业沙箱检测 -> http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT If-None-Match: "5a273847-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2017-12-15 10:54:09.942213+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49169 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
2017-12-15 10:54:16.143018+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49173 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
2017-12-15 10:53:45.117402+0800 | 122.228.74.170 | 80 | 192.168.122.201 | 49163 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2017-12-15 10:54:12.231796+0800 | 192.168.122.201 | 49170 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-15 10:54:14.836577+0800 | 192.168.122.201 | 49172 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-15 10:54:19.216100+0800 | 192.168.122.201 | 49176 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-15 10:54:20.675944+0800 | 192.168.122.201 | 49177 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-15 10:54:16.882590+0800 | 192.168.122.201 | 49174 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
No Suricata HTTP
文件名 | {1D229EA4-E143-11E7-AB96-52540022444F}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1D229EA4-E143-11E7-AB96-52540022444F}.dat
|
文件大小 | 4096 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | 089bf1aab2a18edec6def45eb415551a |
SHA1 | 159ca85d0a526deac5d12cf2013903a86c179ca9 |
SHA256 | c04ff8443a183d6f7e69c225174367fb3766143932f0eaffac06a0637c2ccf84 |
CRC32 | 8411D503 |
Ssdeep | 12:rl0YmGFczrEgm8GL7KFsrEgm8Gz7qPNlCgrNl26ao:roG8cG8JNlLrNlIo |
下载 提交魔盾安全分析 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
文件大小 | 32768 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | RecoveryStore.{1D229EA3-E143-11E7-AB96-52540022444F}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1D229EA3-E143-11E7-AB96-52540022444F}.dat
|
文件大小 | 5120 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | 324829590171e57b6a48a1e0e4980e83 |
SHA1 | 659952cb4464647bb28d8fb61ef79d348ccb7f02 |
SHA256 | 814a37aa75ab41707c74fcbd54fe87c89ae34a41a1371f7e59128506cab74392 |
CRC32 | DA84E198 |
Ssdeep | 12:rl0oGF2WTrEgmZ+IaCrI0CIc8GbiF2FrEg5+IaCrI0CI7uoeMiqI77vNlTqoIMI5:rLWTG5/k8yF5/OMkNlWoI/QNlWoI |
下载 提交魔盾安全分析 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
文件大小 | 65536 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
下载 提交魔盾安全分析 |
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 122585 |
---|---|
Mongo ID | 5a3339da2e06334c28269117 |
Cuckoo release | 1.4-Maldun |