Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-1 | 2018-03-12 22:27:27 | 2018-03-12 22:29:55 | 148 s |
Submitted URL |
---|
https://fa.cc52.cc/source/pack/upload/install/install.php?id=56 |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 117.18.237.29 | | Asia-Pacific |
No | 122.224.45.50 | | China |
No | 183.131.217.120 | | China |
No | 23.5.251.27 | | United States |
WHOIS field | Value |
---|---|
Name | linliang |
Country | CN |
State | zhejiang |
City | hangzhou |
ZIP code | 318000 |
Address | jiangxiamiaoshanjingjikaifaqu |
Organization | linliang |
Domain name(s) | CC52.CC |
Creation date | 2017-06-21 23:40:20 |
Updated date | 2017-06-22 05:20:19, 2017-06-21 23:40:20 |
Expiration date | 2018-06-21 23:40:20 |
Email(s) | abuse@22.cn, 2331313766@qq.com |
Registrar(s) | 22NET, INC. |
Name server(s) | NS5.DNSDUN.NET, NS6.DNSDUN.COM |
Referral URL(s) | None |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49161 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.201 | 49166 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.201 | 49160 | 183.131.217.120 fa.cc52.cc | 443 |
192.168.122.201 | 49164 | 183.131.217.120 fa.cc52.cc | 443 |
192.168.122.201 | 49162 | 23.5.251.27 ocsp2.digicert.com | 80 |
192.168.122.201 | 49167 | 63.130.76.74 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 58719 | 192.168.122.1 | 53 |
192.168.122.201 | 60313 | 192.168.122.1 | 53 |
192.168.122.201 | 61636 | 192.168.122.1 | 53 |
192.168.122.201 | 61836 | 192.168.122.1 | 53 |
192.168.122.201 | 63248 | 192.168.122.1 | 53 |
192.168.122.201 | 64412 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
http://ocsp2.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEA5j7sqz72%2FLH9UXrjVAErA%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEA5j7sqz72%2FLH9UXrjVAErA%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.digicert.com |
http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-03-12 22:28:19.665671+0800 | 122.224.45.50 | 80 | 192.168.122.201 | 49166 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2018-03-12 22:27:54.808771+0800 | 192.168.122.201 | 49160 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
2018-03-12 22:28:04.039765+0800 | 192.168.122.201 | 49164 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
No Suricata HTTP events.
File name | {7F1F4A64-2601-11E8-AB96-52540022444F}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F1F4A64-2601-11E8-AB96-52540022444F}.dat |
File size | 4608 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | 624671dc1e4f134284471d281eaeea47 |
SHA1 | e923f1b1fa9b144603b5a30e1d01a2cf0b8c1684 |
SHA256 | dc30775b40a4c37aed621e6b53359e972a343755b3bcfa8c44931d51a1af5944 |
CRC32 | 58F1E437 |
Ssdeep | 12:rlfFqjrEgmfR16FC+rEgmfS1qjNlYfOo3NNlb9oCHacaQ+60Kw3zN:rSGD+GjNljo9NlZoCHaca/dK |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018031320180314\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 32901893c7f48d462b4fb3543166979f |
SHA1 | 4837ebe15ff14052090936afd20a1cc3ebb6a188 |
SHA256 | 698e876d003a43df4dc0d8bf5888797b485efb4772c09788e28662efe3327334 |
CRC32 | 636B9B48 |
Ssdeep | 6:qjyxXK/bl73yjaihFkeI2CGtjEkVlCz3yja9FkeIziGC4I:qjRzh3biTkeI2CGtbVk3bnkeIziGC4 |
File name | FC96E45960361B9478DE014EA26A25DA |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC96E45960361B9478DE014EA26A25DA |
File size | 471 bytes |
File type | data |
MD5 | 862d5cb58aff47e0a4e549e23725440e |
SHA1 | 085c7c3fd575b6ce403a8967988d56750298b239 |
SHA256 | a0b74869ac81221cf51387c9a64f58c190a9e38dbbf17b5920232c12d2381265 |
CRC32 | 848B7DCA |
Ssdeep | 12:JrY5V5k8f023LhzZ/LjxBFwB6iCDKE7LiW:JrYTu8f0GlZTjZwLCVLiW |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
Maldun analysis result | 2.0, analysis time 2016-11-06 20:10:20 |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat |
File size | 65536 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
File name | B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
File size | 430 bytes |
File type | data |
MD5 | e52aafa05b0b00f124a22760c3f64929 |
SHA1 | a72935dfb5439ec8c9dcb1fdc9816449f433cdbb |
SHA256 | 9407759d994de910be0e434961d42be076b0c46557bc615d702308fb9490a70e |
CRC32 | C2123A90 |
Ssdeep | 6:kKFwEExVFebXlRNfOAUMivhClroFH7q0yNXImolv9RUuQ2vmLl2km4D3iBq94B4N:qESYmxMiv8sFbq0yNYmc3Q2N4DlxN |
File name | RecoveryStore.{7F1F4A63-2601-11E8-AB96-52540022444F}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F1F4A63-2601-11E8-AB96-52540022444F}.dat |
File size | 3584 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | ba228418922495b7be082931a07a1b73 |
SHA1 | 391dae869b685ada92d1859c7b18584a8b38c04e |
SHA256 | c996788504b23ec964ca7b5d276229a1c5a3f1c43b0a605bfdfaaea36a66ba83 |
CRC32 | F1411117 |
Ssdeep | 12:rl0YmGF2GrEg5+IaCrI017+FeDrEgmf+IaCy8qgQNlTqoep0:rIG5/5Gv/TQNlWoe |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat |
File size | 262144 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
CRC32 | E94B92FD |
Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
File name | FC96E45960361B9478DE014EA26A25DA |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC96E45960361B9478DE014EA26A25DA |
File size | 432 bytes |
File type | data |
MD5 | 5b9379ed891f140539842d6ff4c9e145 |
SHA1 | 9ebf11d4b026009becdc3e0905c894c239a20677 |
SHA256 | 904108429a02ef1504111cbe99dccd13422ce063b32a8998823462b5ce5c644f |
CRC32 | 824338A7 |
Ssdeep | 6:kKoe1ja7rJbXlRNQAUMivhClroFwgLR3wUslealW+KElllwjT32ywebrq9tuUOi:bxAPQxMiv8sFwgpsleJpj7bwemL |
File name | favicon[1].ico |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\favicon[1].ico |
File size | 4286 bytes |
File type | MS Windows icon resource - 1 icon, 32x32 |
MD5 | 9d19b98438b96d139b43e1e6d441e32f |
SHA1 | e37d17917843be88154106b1e5affdb6c93a6de6 |
SHA256 | 6aac95fe3e9eb52e4d062c5ca61437015f9a66c040935a5086406fc28e8c29d0 |
CRC32 | 26199F24 |
Ssdeep | 96:ilJctr1PBmwW9f7uQQWh3aE+DjsbnI62+iz:KJctrVlcPthO+a |
File name | B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
File size | 471 bytes |
File type | data |
MD5 | 99f7fb1f66874c8cd10c06563366732f |
SHA1 | 3d02cc05020f6bfb4a3149baa60758418069ad6a |
SHA256 | 898c80587689d1c31f31c517de5ab4243adf41a9b8670ecdbdda5f2071a0cff2 |
CRC32 | 551F652F |
Ssdeep | 12:JD2+Rj5J72+nfLNmHFO/mcGcO5GPtM52UIjDRAiQC4H7JTfhEGvq:JD2+Rjf72+fLII/pGDGa5hIxAiQBprvq |
Task ID | 136843 |
---|---|
Mongo ID | 5aa68f122e06336c611e6453 |
Cuckoo release | 1.4-Maldun |