分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-1 | 2018-03-12 22:27:27 | 2018-03-12 22:29:55 | 148 秒 |
魔盾分数
1.05
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> https://fa.cc52.cc/source/pack/upload/install/install.php?id=56 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 117.18.237.29 | 亚洲太平洋地区 | |
| 否 | 122.224.45.50 | 中国 | |
| 否 | 183.131.217.120 | 中国 | |
| 否 | 23.5.251.27 | 美国 |
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息WHOIS 信息
Name: linliang
Country: CN
State: zhejiang
City: hangzhou
ZIP Code: 318000
Address: jiangxiamiaoshanjingjikaifaqu
Orginization: linliang
Domain Name(s):
CC52.CC
cc52.cc
Creation Date:
2017-06-21 23:40:20
Updated Date:
2017-06-22 05:20:19
2017-06-21 23:40:20
Expiration Date:
2018-06-21 23:40:20
Email(s):
abuse@22.cn
2331313766@qq.com
Registrar(s):
22NET, INC.
Name Server(s):
NS5.DNSDUN.NET
NS6.DNSDUN.COM
ns6.dnsdun.com
ns5.dnsdun.net
Referral URL(s):
None
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 117.18.237.29 | 亚洲太平洋地区 | |
| 否 | 122.224.45.50 | 中国 | |
| 否 | 183.131.217.120 | 中国 | |
| 否 | 23.5.251.27 | 美国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.201 | 49166 | 122.224.45.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49160 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49164 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49162 | 23.5.251.27 ocsp2.digicert.com | 80 |
| 192.168.122.201 | 49167 | 63.130.76.74 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 58719 | 192.168.122.1 | 53 |
| 192.168.122.201 | 60313 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61636 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61836 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63248 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64412 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.201 | 49166 | 122.224.45.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49160 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49164 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49162 | 23.5.251.27 ocsp2.digicert.com | 80 |
| 192.168.122.201 | 49167 | 63.130.76.74 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 58719 | 192.168.122.1 | 53 |
| 192.168.122.201 | 60313 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61636 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61836 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63248 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64412 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
| URL专业沙箱检测 -> http://ocsp2.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEA5j7sqz72%2FLH9UXrjVAErA%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEA5j7sqz72%2FLH9UXrjVAErA%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.digicert.com |
| URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
| URL专业沙箱检测 -> http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2018-03-12 22:28:19.665671+0800 | 122.224.45.50 | 80 | 192.168.122.201 | 49166 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2018-03-12 22:27:54.808771+0800 | 192.168.122.201 | 49160 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:28:04.039765+0800 | 192.168.122.201 | 49164 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | {7F1F4A64-2601-11E8-AB96-52540022444F}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F1F4A64-2601-11E8-AB96-52540022444F}.dat
|
| 文件大小 | 4608 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 624671dc1e4f134284471d281eaeea47 |
| SHA1 | e923f1b1fa9b144603b5a30e1d01a2cf0b8c1684 |
| SHA256 | dc30775b40a4c37aed621e6b53359e972a343755b3bcfa8c44931d51a1af5944 |
| CRC32 | 58F1E437 |
| Ssdeep | 12:rlfFqjrEgmfR16FC+rEgmfS1qjNlYfOo3NNlb9oCHacaQ+60Kw3zN:rSGD+GjNljo9NlZoCHaca/dK |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018031320180314\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 32901893c7f48d462b4fb3543166979f |
| SHA1 | 4837ebe15ff14052090936afd20a1cc3ebb6a188 |
| SHA256 | 698e876d003a43df4dc0d8bf5888797b485efb4772c09788e28662efe3327334 |
| CRC32 | 636B9B48 |
| Ssdeep | 6:qjyxXK/bl73yjaihFkeI2CGtjEkVlCz3yja9FkeIziGC4I:qjRzh3biTkeI2CGtbVk3bnkeIziGC4 |
| 下载 提交魔盾安全分析 |
| 文件名 | FC96E45960361B9478DE014EA26A25DA |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC96E45960361B9478DE014EA26A25DA
|
| 文件大小 | 471 字节 |
| 文件类型 | data |
| MD5 | 862d5cb58aff47e0a4e549e23725440e |
| SHA1 | 085c7c3fd575b6ce403a8967988d56750298b239 |
| SHA256 | a0b74869ac81221cf51387c9a64f58c190a9e38dbbf17b5920232c12d2381265 |
| CRC32 | 848B7DCA |
| Ssdeep | 12:JrY5V5k8f023LhzZ/LjxBFwB6iCDKE7LiW:JrYTu8f0GlZTjZwLCVLiW |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
| SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
| SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
| CRC32 | BFF870C9 |
| Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
| 下载 提交魔盾安全分析 |
| 文件名 | B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
|
| 文件大小 | 430 字节 |
| 文件类型 | data |
| MD5 | e52aafa05b0b00f124a22760c3f64929 |
| SHA1 | a72935dfb5439ec8c9dcb1fdc9816449f433cdbb |
| SHA256 | 9407759d994de910be0e434961d42be076b0c46557bc615d702308fb9490a70e |
| CRC32 | C2123A90 |
| Ssdeep | 6:kKFwEExVFebXlRNfOAUMivhClroFH7q0yNXImolv9RUuQ2vmLl2km4D3iBq94B4N:qESYmxMiv8sFbq0yNYmc3Q2N4DlxN |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{7F1F4A63-2601-11E8-AB96-52540022444F}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F1F4A63-2601-11E8-AB96-52540022444F}.dat
|
| 文件大小 | 3584 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | ba228418922495b7be082931a07a1b73 |
| SHA1 | 391dae869b685ada92d1859c7b18584a8b38c04e |
| SHA256 | c996788504b23ec964ca7b5d276229a1c5a3f1c43b0a605bfdfaaea36a66ba83 |
| CRC32 | F1411117 |
| Ssdeep | 12:rl0YmGF2GrEg5+IaCrI017+FeDrEgmf+IaCy8qgQNlTqoep0:rIG5/5Gv/TQNlWoe |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
|
| 文件大小 | 262144 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
| SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
| SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
| CRC32 | E94B92FD |
| Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
| 下载 提交魔盾安全分析 |
| 文件名 | FC96E45960361B9478DE014EA26A25DA |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC96E45960361B9478DE014EA26A25DA
|
| 文件大小 | 432 字节 |
| 文件类型 | data |
| MD5 | 5b9379ed891f140539842d6ff4c9e145 |
| SHA1 | 9ebf11d4b026009becdc3e0905c894c239a20677 |
| SHA256 | 904108429a02ef1504111cbe99dccd13422ce063b32a8998823462b5ce5c644f |
| CRC32 | 824338A7 |
| Ssdeep | 6:kKoe1ja7rJbXlRNQAUMivhClroFwgLR3wUslealW+KElllwjT32ywebrq9tuUOi:bxAPQxMiv8sFwgpsleJpj7bwemL |
| 下载 提交魔盾安全分析 |
| 文件名 | favicon[1].ico |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\favicon[1].ico
|
| 文件大小 | 4286 字节 |
| 文件类型 | MS Windows icon resource - 1 icon, 32x32 |
| MD5 | 9d19b98438b96d139b43e1e6d441e32f |
| SHA1 | e37d17917843be88154106b1e5affdb6c93a6de6 |
| SHA256 | 6aac95fe3e9eb52e4d062c5ca61437015f9a66c040935a5086406fc28e8c29d0 |
| CRC32 | 26199F24 |
| Ssdeep | 96:ilJctr1PBmwW9f7uQQWh3aE+DjsbnI62+iz:KJctrVlcPthO+a |
| 下载 提交魔盾安全分析 |
| 文件名 | B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
|
| 文件大小 | 471 字节 |
| 文件类型 | data |
| MD5 | 99f7fb1f66874c8cd10c06563366732f |
| SHA1 | 3d02cc05020f6bfb4a3149baa60758418069ad6a |
| SHA256 | 898c80587689d1c31f31c517de5ab4243adf41a9b8670ecdbdda5f2071a0cff2 |
| CRC32 | 551F652F |
| Ssdeep | 12:JD2+Rj5J72+nfLNmHFO/mcGcO5GPtM52UIjDRAiQC4H7JTfhEGvq:JD2+Rjf72+fLII/pGDGa5hIxAiQBprvq |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 30.944 seconds )
- 13.622 NetworkAnalysis
- 12.034 Suricata
- 2.098 Static
- 1.659 BehaviorAnalysis
- 1.071 VirusTotal
- 0.358 AnalysisInfo
- 0.065 Dropped
- 0.034 Debug
- 0.003 Memory
Signatures ( 3.932 seconds )
- 2.168 md_url_bl
- 0.56 md_bad_drop
- 0.248 antiav_detectreg
- 0.094 stealth_timeout
- 0.092 infostealer_ftp
- 0.072 api_spamming
- 0.053 infostealer_im
- 0.051 antianalysis_detectreg
- 0.05 antivm_generic_scsi
- 0.032 stealth_file
- 0.03 infostealer_mail
- 0.024 antivm_generic_services
- 0.024 md_domain_bl
- 0.023 antiav_detectfile
- 0.017 antivm_generic_disk
- 0.016 infostealer_bitcoin
- 0.015 mimics_filetime
- 0.015 geodo_banking_trojan
- 0.014 betabot_behavior
- 0.013 kibex_behavior
- 0.013 vawtrak_behavior
- 0.012 virus
- 0.012 antivm_xen_keys
- 0.012 darkcomet_regkeys
- 0.011 bootkit
- 0.011 antivm_parallels_keys
- 0.01 persistence_autorun
- 0.009 antiemu_wine_func
- 0.009 antivm_vbox_files
- 0.008 kovter_behavior
- 0.008 antivm_generic_diskreg
- 0.008 recon_fingerprint
- 0.007 hancitor_behavior
- 0.007 shifu_behavior
- 0.007 infostealer_browser_password
- 0.007 ransomware_extensions
- 0.007 ransomware_files
- 0.006 andromeda_behavior
- 0.006 dridex_behavior
- 0.006 antidbg_windows
- 0.005 antisandbox_productid
- 0.005 disables_browser_warn
- 0.004 injection_createremotethread
- 0.004 Locky_behavior
- 0.004 antivm_vbox_libs
- 0.004 antivm_xen_keys
- 0.004 antivm_hyperv_keys
- 0.004 antivm_vbox_acpi
- 0.004 antivm_vbox_keys
- 0.004 antivm_vmware_keys
- 0.004 antivm_vpc_keys
- 0.004 bypass_firewall
- 0.004 network_torgateway
- 0.004 packer_armadillo_regkey
- 0.003 tinba_behavior
- 0.003 network_tor
- 0.003 rat_nanocore
- 0.003 antiav_avast_libs
- 0.003 antivm_vmware_events
- 0.003 injection_runpe
- 0.003 cryptowall_behavior
- 0.003 antidbg_devices
- 0.003 browser_security
- 0.002 hawkeye_behavior
- 0.002 stack_pivot
- 0.002 antisandbox_sunbelt_libs
- 0.002 kazybot_behavior
- 0.002 dyre_behavior
- 0.002 exec_crash
- 0.002 cerber_behavior
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_cpu
- 0.002 antivm_generic_system
- 0.002 bot_drive
- 0.002 rat_pcclient
- 0.002 recon_programs
- 0.001 persistence_bootexecute
- 0.001 rat_luminosity
- 0.001 network_anomaly
- 0.001 antivm_vmware_libs
- 0.001 antivm_vbox_window
- 0.001 injection_explorer
- 0.001 sets_autoconfig_url
- 0.001 stealth_network
- 0.001 modifies_desktop_wallpaper
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 chimera_behavior
- 0.001 ursnif_behavior
- 0.001 ispy_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 codelux_behavior
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 ie_martian_children
- 0.001 maldun_blacklist
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 network_tor_service
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 sniffer_winpcap
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 targeted_flame
- 0.001 whois_create
Reporting ( 0.582 seconds )
- 0.582 ReportHTMLSummary
| Task ID | 136843 |
|---|---|
| Mongo ID | 5aa68f122e06336c611e6453 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号