分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-shaapp01-1 | 2018-03-16 16:41:35 | 2018-03-16 16:43:54 | 139 秒 |
魔盾分数
0.45
正常的
URL详细信息
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 122.224.45.50 | 中国 | |
| 是 | 61.147.108.39 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| www.microsoft.com |
CNAME e13678.ca.s.tl88.net A 122.224.45.50 CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME www.microsoft.com-c-3.edgekey.net |
摘要
登录查看详细行为信息WHOIS 信息
Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None
Orginization: None
Domain Name(s):
None
Creation Date:
None
Updated Date:
None
Expiration Date:
None
Email(s):
search-apnic-not-arin@apnic.net
ip@jsinfo.net
spam@jsinfo.net
abuse@jsinfo.net
anti-spam@ns.chinanet.cn.net
Registrar(s):
None
Name Server(s):
None
Referral URL(s):
None
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 122.224.45.50 | 中国 | |
| 是 | 61.147.108.39 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 122.224.45.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49160 | 61.147.108.39 | 12345 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 52576 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59795 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| www.microsoft.com |
CNAME e13678.ca.s.tl88.net A 122.224.45.50 CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME www.microsoft.com-c-3.edgekey.net |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 122.224.45.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49160 | 61.147.108.39 | 12345 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 52576 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59795 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://61.147.108.39:12345/download/file/CB05A555CC0C3ACF7ED863D27332342C/WGJ_X_20180314_162952_2.zip | GET /download/file/CB05A555CC0C3ACF7ED863D27332342C/WGJ_X_20180314_162952_2.zip HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&ved=0CCEQfjTU54QUpBS2dlVmdQc1d3bnV3ZmhVTUNP&url=http%3A%2F%2F61.147.108.39%3A12345%2Fdownload%2Ffile%2FCB05A555CC0C3ACF7ED863D27332342C%2FWGJ_X_20180314_162952_2.zip&ei=V2RyTVd3YXd4ckV3&usg=AFQjTmxacnFqbXV3eU54 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 61.147.108.39:12345 Connection: Keep-Alive |
| URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2018-03-16 16:41:59.561888+0800 | 122.224.45.50 | 80 | 192.168.122.201 | 49161 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | RecoveryStore.{D6891A03-28F5-11E8-A1F7-525400F9C664}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D6891A03-28F5-11E8-A1F7-525400F9C664}.dat
|
| 文件大小 | 5120 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 03a4e404a8bb10975e821d31a48bfb82 |
| SHA1 | ca76f1f8c86af7d3d35b9cc284d421aed2377a01 |
| SHA256 | 1a070dacb25098a5080c0b185dd184e045b4631b4da919d9c59d341cc4500d0c |
| CRC32 | 3654B95B |
| Ssdeep | 24:rLgTG5/k8yd5/OMkNlWoTvvlQNlWoTvLr:rwG5c35GEoJdo |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | {D6891A04-28F5-11E8-A1F7-525400F9C664}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6891A04-28F5-11E8-A1F7-525400F9C664}.dat
|
| 文件大小 | 4096 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | f3aeddfa2646caaa29c3b8572466364d |
| SHA1 | 2f0cc6e423e2a54ec8fe6e41b20e94ee5a1a43c4 |
| SHA256 | ea386a51f4db63f36858b9d8d4fbce26336d6925d31397815072f37255cf12d7 |
| CRC32 | BBD06836 |
| Ssdeep | 12:rl0YmGFjkZhrEgm8GL7KFr0rEgm8Gz7qPNlCgrNl26ao:rufG8b0G8JNlLrNlIo |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
| SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
| SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
| CRC32 | BFF870C9 |
| Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
| 下载 提交魔盾安全分析 |
| 文件名 | JavaDeployReg.log |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
|
| 文件大小 | 1068 字节 |
| 文件类型 | ASCII text, with CRLF line terminators |
| MD5 | a8a0873643f84ec5b4755b827824b407 |
| SHA1 | ceae9a36550c8c708014109f2d50b25850b747c2 |
| SHA256 | 285c9a5677594d2374da00ea8d95a158f65364ce528fcdf0a0029479a046db2f |
| CRC32 | A7AC09A4 |
| Ssdeep | 24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1SP1:odn9LnnMruA8XlZQfU78Tc49PX/+AP1 |
| 下载 提交魔盾安全分析 显示文本 | |
[2017/06/01 16:29:23.649] Latest deploy version: [2017/06/01 16:29:23.649] 11.121.2 [2017/06/01 16:30:14.832] Latest deploy version: [2017/06/01 16:30:14.832] 11.121.2 [2017/06/01 16:40:25.052] Latest deploy version: [2017/06/01 16:40:25.052] 11.121.2 [2017/06/08 18:03:28.677] Latest deploy version: [2017/06/08 18:03:28.677] 11.121.2 [2017/06/08 18:15:11.176] Latest deploy version: [2017/06/08 18:15:11.176] 11.121.2 [2017/06/08 18:17:04.791] Latest deploy version: [2017/06/08 18:17:04.791] 11.121.2 [2017/09/01 16:11:55.188] Latest deploy version: [2017/09/01 16:11:55.188] 11.121.2 [2017/09/01 20:28:25.900] Latest deploy version: [2017/09/01 20:28:25.900] 11.121.2 [2017/09/01 22:02:42.198] Latest deploy version: [2017/09/01 22:02:42.198] 11.121.2 [2017/09/03 00:16:45.426] Latest deploy version: [2017/09/03 00:16:45.426] 11.121.2 [2017/09/03 11:22:53.307] Latest deploy version: [2017/09/03 11:22:53.307] 11.121.2 [2018/03/17 02:22:48.307] Latest deploy version: [2018/03/17 02:22:48.307] 11.121.2 |
|
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 25.135 seconds )
- 9.084 NetworkAnalysis
- 7.6 Suricata
- 3.767 Static
- 3.273 BehaviorAnalysis
- 1.175 VirusTotal
- 0.18 AnalysisInfo
- 0.05 Dropped
- 0.004 Memory
- 0.002 Debug
Signatures ( 4.092 seconds )
- 1.226 md_url_bl
- 0.979 antiav_detectreg
- 0.338 infostealer_ftp
- 0.211 antianalysis_detectreg
- 0.187 infostealer_im
- 0.142 stealth_timeout
- 0.115 antivm_generic_scsi
- 0.106 infostealer_mail
- 0.102 api_spamming
- 0.082 antivm_generic_services
- 0.053 darkcomet_regkeys
- 0.052 kibex_behavior
- 0.052 antivm_xen_keys
- 0.051 antivm_parallels_keys
- 0.038 geodo_banking_trojan
- 0.037 betabot_behavior
- 0.034 antivm_generic_diskreg
- 0.018 antivm_vbox_keys
- 0.018 antivm_vmware_keys
- 0.017 antivm_xen_keys
- 0.017 antivm_hyperv_keys
- 0.017 antivm_vbox_acpi
- 0.017 antivm_vpc_keys
- 0.017 bypass_firewall
- 0.017 packer_armadillo_regkey
- 0.014 stealth_file
- 0.008 md_bad_drop
- 0.007 antivm_generic_disk
- 0.007 antiav_detectfile
- 0.007 md_domain_bl
- 0.006 mimics_filetime
- 0.006 persistence_autorun
- 0.005 antiemu_wine_func
- 0.005 virus
- 0.005 infostealer_bitcoin
- 0.004 bootkit
- 0.004 infostealer_browser_password
- 0.004 antidbg_windows
- 0.004 kovter_behavior
- 0.004 ransomware_files
- 0.003 hancitor_behavior
- 0.003 ransomware_message
- 0.003 antivm_vbox_libs
- 0.003 antiemu_wine_reg
- 0.003 antivm_vbox_files
- 0.003 ransomware_extensions
- 0.003 recon_fingerprint
- 0.002 tinba_behavior
- 0.002 antiav_avast_libs
- 0.002 dridex_behavior
- 0.002 injection_createremotethread
- 0.002 injection_runpe
- 0.002 antisandbox_productid
- 0.002 disables_browser_warn
- 0.002 network_torgateway
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 rat_nanocore
- 0.001 stack_pivot
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 vawtrak_behavior
- 0.001 cerber_behavior
- 0.001 antidbg_devices
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 browser_security
- 0.001 ie_martian_children
- 0.001 modify_uac_prompt
- 0.001 recon_programs
Reporting ( 0.343 seconds )
- 0.343 ReportHTMLSummary
| Task ID | 138608 |
|---|---|
| Mongo ID | 5aab83f1bb7d5741d3733873 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号