Analysis task

Analysis type   VM label                  Start time            End time              Duration
URL             win7-sp1-x64-hpdapp01-3   2018-03-19 11:27:46   2018-03-19 11:30:22   156 s

Maldun score

0.05

Normal

URL details

URL: http://220.181.156.61/cloudquery.php

Hosts contacted

IP               Location
122.224.45.50    China
220.181.156.61   China

DNS resolution

Domain              Type    Response
www.microsoft.com   CNAME   e13678.ca.s.tl88.net
                    A       122.224.45.50
                    CNAME   www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                    CNAME   www.microsoft.com-c-3.edgekey.net

The only name resolved during the run is www.microsoft.com; the submitted URL is a bare IP and needs no lookup. The answer chain places the Akamai edgekey CNAMEs alongside a tl88.net CNAME and the A record 122.224.45.50, which is the address the sandbox then connected to on port 80.


WHOIS information

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    None
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    search-apnic-not-arin@apnic.net
    anti-spam@ns.chinanet.cn.net
    bjnic@bjtelecom.net

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

The lookup target is an IP address rather than a registered domain, so every domain field is empty and the only data returned are the contact addresses for the address block (the APNIC referral address and the ChinaNet and Beijing Telecom contacts).
No antivirus engine scan results.

Process tree

iexplore.exe, PID: 2168, parent PID: 1976
iexplore.exe, PID: 2320, parent PID: 2168

Only the browser ran. PID 2320 is a child of 2168, which matches Internet Explorer 8's frame-process/tab-process model on Windows 7; no process other than iexplore.exe was recorded.


TCP

Source            Src port   Destination      Dst port   Resolved name
192.168.122.203   49164      122.224.45.50    80         www.microsoft.com
192.168.122.203   49160      220.181.156.61   80

UDP

Source            Src port   Destination     Dst port
192.168.122.203   57923      192.168.122.1   53
192.168.122.203   58694      192.168.122.1   53

The two UDP flows are DNS queries to the sandbox's gateway resolver at 192.168.122.1; the two TCP flows are the plain-HTTP connections to the submitted URL's host and to www.microsoft.com. No other destination was contacted.


HTTP requests

URI: http://220.181.156.61/cloudquery.php

GET /cloudquery.php HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=27&ved=0CCEQfjSllQZU1lb2RqVUpMS0x1QnZVYk1HYW11&url=http%3A%2F%2F220.181.156.61%2Fcloudquery.php&ei=c2FqUFJwc3JZcWV3&usg=AFQjY0lURndSdGVIQmlr
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 220.181.156.61
Connection: Keep-Alive

URI: http://www.microsoft.com/

GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

The first request is the browser's fetch of the submitted URL. Its Referer presents the visit as a Google search click-through, and the url= parameter of that Referer decodes to the same URL being requested, which is exactly what a server-side referer check on cloudquery.php would see. The second request, to www.microsoft.com, carries none of the browser's headers and uses Connection: Close; it is the port-49164 connection in the TCP table and the one the network alert below refers to.
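The request above, run through a small triage parser. This is an added example written for this page, not code from the report or from Maldun: it rebuilds the first request from the headers listed above as constructed input, decodes the Referer's url= parameter and checks whether it agrees with Host plus request target, and flags a Host that is a bare IP literal. The finding names are my own.

```python
"""Triage of a captured HTTP request (added example, not part of the report)."""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed input: the request line and headers copied from the report's
# "HTTP requests" section, joined with CRLF as they would appear on the wire.
RAW_REQUEST = (
    "GET /cloudquery.php HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=27"
    "&ved=0CCEQfjSllQZU1lb2RqVUpMS0x1QnZVYk1HYW11"
    "&url=http%3A%2F%2F220.181.156.61%2Fcloudquery.php"
    "&ei=c2FqUFJwc3JZcWV3&usg=AFQjY0lURndSdGVIQmlr\r\n"
    "Accept-Language: zh-cn\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; "
    "Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; "
    ".NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "Host: 220.181.156.61\r\n"
    "Connection: Keep-Alive\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request head into method, target, version and a
    lower-cased header dict. Only the head is parsed; any body is ignored."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def host_is_ip_literal(host):
    """True when the Host header is a bare IPv4/IPv6 address (optionally with
    a :port) rather than a hostname."""
    if host.startswith("["):                 # [v6]:port form
        host = host[1:host.index("]")]
    elif host.count(":") == 1:               # v4:port form
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def google_click_target(referer):
    """If the Referer is a Google /url click-through, return the URL its
    url= parameter points at; otherwise None."""
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https") or parts.path != "/url":
        return None
    if parts.hostname not in ("www.google.com", "google.com"):
        return None
    return parse_qs(parts.query).get("url", [None])[0]


def triage(raw):
    """Return the effective URL, the Referer's claimed click target and a
    list of findings (names are this example's own, not a report field)."""
    req = parse_request(raw)
    h = req["headers"]
    requested = "http://" + h["host"] + req["target"]
    findings = []
    if host_is_ip_literal(h["host"]):
        findings.append("host-is-ip-literal")
    claimed = google_click_target(h.get("referer", ""))
    if claimed is not None and claimed == requested:
        # The Referer's url= agrees with Host + target: a server-side referer
        # check on the landing page would accept this as a search click-through.
        findings.append("referer-google-click-consistent")
    if "MSIE 8.0" in h.get("user-agent", ""):
        findings.append("msie8-user-agent")
    return {"requested": requested, "referer_target": claimed, "findings": findings}


if __name__ == "__main__":
    print(triage(RAW_REQUEST))
```

Run against the second request on the page the same function would report no Referer and a hostname Host, which is the quickest way to see that the two requests were made by different clients.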

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

Timestamp:     2018-03-19 11:28:49.795886+0800
Source:        122.224.45.50:80
Destination:   192.168.122.203:49164
Protocol:      TCP
SID:           2012692
Signature:     ET POLICY Microsoft user-agent automated process response to automated request
Category:      A Network Trojan was detected

The alert fired on the response from www.microsoft.com (122.224.45.50) to the sandbox's port-49164 connection, i.e. on the GET / request to Microsoft, not on any traffic to the submitted URL. It is an ET POLICY rule; the category text is the classtype description attached to that rule, not a verdict on 220.181.156.61.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

Dropped files

File name:  JavaDeployReg.log
Path:       C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
Size:       1068 bytes
Type:       ASCII text, with CRLF line terminators
MD5:        6c5bcb2fe9d79de0f2b0b39e7e1ace02
SHA1:       5efdb1d15cfa0e1c10086fd7a91a82ef8cc9757d
SHA256:     1c811a22df0aebd24b1bbb13f11438ea78583f65d3978966c83b5cab78d805d3
CRC32:      F5BF8DBA
Ssdeep:     24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1SInU:odn9LnnMruA8XlZQfU78Tc49PX/+AIU
Contents:
[2017/06/01 16:29:23.649] Latest deploy version:  
[2017/06/01 16:29:23.649] 11.121.2 
[2017/06/01 16:30:14.832] Latest deploy version:  
[2017/06/01 16:30:14.832] 11.121.2 
[2017/06/01 16:40:25.052] Latest deploy version:  
[2017/06/01 16:40:25.052] 11.121.2 
[2017/06/08 18:03:28.677] Latest deploy version:  
[2017/06/08 18:03:28.677] 11.121.2 
[2017/06/08 18:15:11.176] Latest deploy version:  
[2017/06/08 18:15:11.176] 11.121.2 
[2017/06/08 18:17:04.791] Latest deploy version:  
[2017/06/08 18:17:04.791] 11.121.2 
[2017/09/01 16:11:55.188] Latest deploy version:  
[2017/09/01 16:11:55.188] 11.121.2 
[2017/09/01 20:28:25.900] Latest deploy version:  
[2017/09/01 20:28:25.900] 11.121.2 
[2017/09/01 22:02:42.198] Latest deploy version:  
[2017/09/01 22:02:42.198] 11.121.2 
[2017/09/03 00:16:45.426] Latest deploy version:  
[2017/09/03 00:16:45.426] 11.121.2 
[2017/09/03 11:22:53.307] Latest deploy version:  
[2017/09/03 11:22:53.307] 11.121.2 
[2018/03/19 18:29:07.464] Latest deploy version:  
[2018/03/19 18:29:07.464] 11.121.2 
Eleven of the twelve entries above are dated 2017, so the log was already present in the VM image; only the last entry is dated on the analysis day. That entry's in-guest time (18:29:07) lies outside the report's 11:27:46 to 11:30:22 (+0800) window, so timestamps inside dropped files cannot be compared directly with the report's own clock.

File name:  RecoveryStore.{80BB1243-2B25-11E8-BBD3-525400DC3206}.dat
Path:       C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{80BB1243-2B25-11E8-BBD3-525400DC3206}.dat
Size:       5120 bytes
Type:       Composite Document File V2 Document, Cannot read section info
MD5:        d6160d5a304bd985ef9f8e038091600a
SHA1:       69ba997e8100a747ab73f266cab4f9c510589fe2
SHA256:     8b04f2a7a7ae3f852c17ddba87c61b7d2a973d9b90697ff6b7ae59c0451ef30e
CRC32:      733C5B99
Ssdeep:     12:rl0oGF2SaTrEgmZ+IaCrI0CIc8GbiF27orEg5+IaCrI0CI7uoeMiqI77vNlTqoSs:rLZTG5/k8y7o5/OMkNlWo7QNlWo

File name:  index.dat
Path:       C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
Size:       65536 bytes
Type:       Internet Explorer cache file version Ver 5.2
MD5:        191d3d20f356bf520a7d1ed07b1bc08b
SHA1:       bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256:     d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32:      BFF870C9
Ssdeep:     384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo

File name:  {80BB1244-2B25-11E8-BBD3-525400DC3206}.dat
Path:       C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{80BB1244-2B25-11E8-BBD3-525400DC3206}.dat
Size:       4096 bytes
Type:       Composite Document File V2 Document, Cannot read section info
MD5:        92e6a79a0ffe5f28425a1e521af61fc1
SHA1:       d00baf8807af5b45db7893a192af56b9df7eb8ff
SHA256:     3258842a74705f535c48249c4c52022768b157140eca57c263fa8598ce03092b
CRC32:      9104DC36
Ssdeep:     12:rl0YmGFjrEgm8GL7KFo1rEgm8Gz7qPNlCgrNl26ao:rNG841G8JNlLrNlIo

File name:  index.dat
Path:       C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
Size:       32768 bytes
Type:       Internet Explorer cache file version Ver 5.2
MD5:        0aee387ca0a52dcdd8f8a29ea76edb42
SHA1:       5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256:     c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32:      B451CA0B
Ssdeep:     12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Earlier Maldun analysis of this file: result 2.0, analysed 2016-11-06 20:10:20.

All five dropped files are written by the browser and the Java deployment client themselves: two Internet Explorer session-recovery documents, the IE compatibility cache and Feeds cache index files, and the Java deployment log. None of them is content retrieved from the visited URL.
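To check a report's digests against a copy of a file, recompute them the way the report prints them. As an added example that is not part of the report or of Maldun, the script below rebuilds JavaDeployReg.log from the listing above (the twelve timestamps, CRLF line endings, the two trailing spaces after "version:" and the one after the version number give exactly the 1068 bytes the report states: twelve pairs of 52 + 37 bytes) and compares MD5, SHA1, SHA256 and CRC32 with the reported values. The REPORTED values are copied from the file entry; the rebuilt bytes are a constructed reconstruction, and a DIFF on any line means the page's listing is not byte-exact for that detail.

```python
"""Recompute a report's file digests (added example, not part of the report)."""
import hashlib
import zlib

# Constructed: the twelve timestamps are copied from the report's listing of
# JavaDeployReg.log. Each timestamp yields two CRLF-terminated lines; the first
# keeps the two trailing spaces after "version:" and the second the single
# trailing space after "11.121.2" that the listing shows. 12 x (52 + 37) bytes
# = 1068 bytes, the size the report gives for the file.
TIMESTAMPS = [
    "2017/06/01 16:29:23.649", "2017/06/01 16:30:14.832", "2017/06/01 16:40:25.052",
    "2017/06/08 18:03:28.677", "2017/06/08 18:15:11.176", "2017/06/08 18:17:04.791",
    "2017/09/01 16:11:55.188", "2017/09/01 20:28:25.900", "2017/09/01 22:02:42.198",
    "2017/09/03 00:16:45.426", "2017/09/03 11:22:53.307", "2018/03/19 18:29:07.464",
]

# Values copied from the report's entry for JavaDeployReg.log.
REPORTED = {
    "size": 1068,
    "md5": "6c5bcb2fe9d79de0f2b0b39e7e1ace02",
    "sha1": "5efdb1d15cfa0e1c10086fd7a91a82ef8cc9757d",
    "sha256": "1c811a22df0aebd24b1bbb13f11438ea78583f65d3978966c83b5cab78d805d3",
    "crc32": "F5BF8DBA",
}


def rebuild_log(timestamps, version="11.121.2"):
    """Rebuild the log bytes from the listing's timestamps and line layout."""
    lines = []
    for ts in timestamps:
        lines.append(f"[{ts}] Latest deploy version:  \r\n")
        lines.append(f"[{ts}] {version} \r\n")
    return "".join(lines).encode("ascii")


def digests(data):
    """Compute the digest set a Cuckoo-style report prints. CRC32 is rendered
    as eight upper-case hex digits of the unsigned value, as in the report."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def verify(data, reported):
    """Compare computed digests with the reported ones.
    Returns {name: (computed, reported, matches)} for every reported field."""
    got = digests(data)
    return {name: (got[name], want, got[name] == want) for name, want in reported.items()}


if __name__ == "__main__":
    for name, (got, want, ok) in verify(rebuild_log(TIMESTAMPS), REPORTED).items():
        print(f"{name:7} {'OK  ' if ok else 'DIFF'} computed={got} reported={want}")
```

The same digests() and verify() pair works on a file read from disk (pass the bytes of the actual dropped file), which is the normal use: confirming that the sample you were handed is the one the report describes before relying on any of its other fields.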

Processing ( 26.402 seconds )

  • 12.796 Suricata
  • 9.074 NetworkAnalysis
  • 1.592 VirusTotal
  • 1.142 Static
  • 0.943 BehaviorAnalysis
  • 0.645 AnalysisInfo
  • 0.155 Debug
  • 0.051 Dropped
  • 0.004 Memory

Signatures ( 3.261 seconds )

  • 2.089 md_url_bl
  • 0.371 md_bad_drop
  • 0.175 antiav_detectreg
  • 0.064 infostealer_ftp
  • 0.052 stealth_timeout
  • 0.039 api_spamming
  • 0.036 antianalysis_detectreg
  • 0.036 infostealer_im
  • 0.029 stealth_file
  • 0.027 antivm_generic_scsi
  • 0.021 infostealer_mail
  • 0.016 md_domain_bl
  • 0.013 antivm_generic_services
  • 0.013 antiav_detectfile
  • 0.012 geodo_banking_trojan
  • 0.011 antivm_generic_disk
  • 0.01 mimics_filetime
  • 0.01 persistence_autorun
  • 0.009 kibex_behavior
  • 0.009 antivm_parallels_keys
  • 0.009 antivm_xen_keys
  • 0.009 darkcomet_regkeys
  • 0.009 infostealer_bitcoin
  • 0.008 antiemu_wine_func
  • 0.008 betabot_behavior
  • 0.008 antidbg_windows
  • 0.008 virus
  • 0.007 bootkit
  • 0.007 kovter_behavior
  • 0.006 infostealer_browser_password
  • 0.006 antivm_generic_diskreg
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.005 hancitor_behavior
  • 0.005 antivm_vbox_files
  • 0.005 recon_fingerprint
  • 0.004 antivm_vbox_libs
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 rat_nanocore
  • 0.003 antiav_avast_libs
  • 0.003 injection_createremotethread
  • 0.003 ransomware_message
  • 0.003 vawtrak_behavior
  • 0.003 antisandbox_productid
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 browser_security
  • 0.003 bypass_firewall
  • 0.003 network_torgateway
  • 0.002 stack_pivot
  • 0.002 dridex_behavior
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 exec_crash
  • 0.002 cerber_behavior
  • 0.002 injection_runpe
  • 0.002 antidbg_devices
  • 0.002 antivm_generic_system
  • 0.002 antivm_vbox_acpi
  • 0.002 packer_armadillo_regkey
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 persistence_bootexecute
  • 0.001 antivm_vmware_libs
  • 0.001 antivm_vbox_window
  • 0.001 modifies_desktop_wallpaper
  • 0.001 Locky_behavior
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 shifu_behavior
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 ie_martian_children
  • 0.001 modify_security_center_warnings
  • 0.001 modify_uac_prompt
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame

Reporting ( 0.584 seconds )

  • 0.584 ReportHTMLSummary
Task ID         139104
Mongo ID        5aaf2ef32e06336c431e8f79
Cuckoo release  1.4-Maldun