分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-3 | 2018-03-19 11:27:46 | 2018-03-19 11:30:22 | 156 秒 |
URL |
---|
URL专业沙箱检测 -> http://220.181.156.61/cloudquery.php |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 122.224.45.50 | 中国 | |
是 | 220.181.156.61 | 中国 |
域名 | 安全评级 | 响应 |
---|---|---|
www.microsoft.com |
CNAME e13678.ca.s.tl88.net A 122.224.45.50 CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME www.microsoft.com-c-3.edgekey.net |
Name: None Country: None State: None City: None ZIP Code: None Address: None Orginization: None Domain Name(s): None Creation Date: None Updated Date: None Expiration Date: None Email(s): search-apnic-not-arin@apnic.net 'anti-spam@ns.chinanet.cn.net anti-spam@ns.chinanet.cn.net bjnic@bjtelecom.net Registrar(s): None Name Server(s): None Referral URL(s): None
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 122.224.45.50 | 中国 | |
是 | 220.181.156.61 | 中国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 49164 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.203 | 49160 | 220.181.156.61 | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 57923 | 192.168.122.1 | 53 |
192.168.122.203 | 58694 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
www.microsoft.com |
CNAME e13678.ca.s.tl88.net A 122.224.45.50 CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net CNAME www.microsoft.com-c-3.edgekey.net |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 49164 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.203 | 49160 | 220.181.156.61 | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 57923 | 192.168.122.1 | 53 |
192.168.122.203 | 58694 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://220.181.156.61/cloudquery.php | GET /cloudquery.php HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=27&ved=0CCEQfjSllQZU1lb2RqVUpMS0x1QnZVYk1HYW11&url=http%3A%2F%2F220.181.156.61%2Fcloudquery.php&ei=c2FqUFJwc3JZcWV3&usg=AFQjY0lURndSdGVIQmlr Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 220.181.156.61 Connection: Keep-Alive |
URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-03-19 11:28:49.795886+0800 | 122.224.45.50 | 80 | 192.168.122.203 | 49164 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
No TLS
No Suricata HTTP
文件名 | JavaDeployReg.log |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
|
文件大小 | 1068 字节 |
文件类型 | ASCII text, with CRLF line terminators |
MD5 | 6c5bcb2fe9d79de0f2b0b39e7e1ace02 |
SHA1 | 5efdb1d15cfa0e1c10086fd7a91a82ef8cc9757d |
SHA256 | 1c811a22df0aebd24b1bbb13f11438ea78583f65d3978966c83b5cab78d805d3 |
CRC32 | F5BF8DBA |
Ssdeep | 24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1SInU:odn9LnnMruA8XlZQfU78Tc49PX/+AIU |
下载 提交魔盾安全分析 显示文本 | |
[2017/06/01 16:29:23.649] Latest deploy version: [2017/06/01 16:29:23.649] 11.121.2 [2017/06/01 16:30:14.832] Latest deploy version: [2017/06/01 16:30:14.832] 11.121.2 [2017/06/01 16:40:25.052] Latest deploy version: [2017/06/01 16:40:25.052] 11.121.2 [2017/06/08 18:03:28.677] Latest deploy version: [2017/06/08 18:03:28.677] 11.121.2 [2017/06/08 18:15:11.176] Latest deploy version: [2017/06/08 18:15:11.176] 11.121.2 [2017/06/08 18:17:04.791] Latest deploy version: [2017/06/08 18:17:04.791] 11.121.2 [2017/09/01 16:11:55.188] Latest deploy version: [2017/09/01 16:11:55.188] 11.121.2 [2017/09/01 20:28:25.900] Latest deploy version: [2017/09/01 20:28:25.900] 11.121.2 [2017/09/01 22:02:42.198] Latest deploy version: [2017/09/01 22:02:42.198] 11.121.2 [2017/09/03 00:16:45.426] Latest deploy version: [2017/09/03 00:16:45.426] 11.121.2 [2017/09/03 11:22:53.307] Latest deploy version: [2017/09/03 11:22:53.307] 11.121.2 [2018/03/19 18:29:07.464] Latest deploy version: [2018/03/19 18:29:07.464] 11.121.2 |
文件名 | RecoveryStore.{80BB1243-2B25-11E8-BBD3-525400DC3206}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{80BB1243-2B25-11E8-BBD3-525400DC3206}.dat
|
文件大小 | 5120 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | d6160d5a304bd985ef9f8e038091600a |
SHA1 | 69ba997e8100a747ab73f266cab4f9c510589fe2 |
SHA256 | 8b04f2a7a7ae3f852c17ddba87c61b7d2a973d9b90697ff6b7ae59c0451ef30e |
CRC32 | 733C5B99 |
Ssdeep | 12:rl0oGF2SaTrEgmZ+IaCrI0CIc8GbiF27orEg5+IaCrI0CI7uoeMiqI77vNlTqoSs:rLZTG5/k8y7o5/OMkNlWo7QNlWo |
下载 提交魔盾安全分析 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
文件大小 | 65536 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
下载 提交魔盾安全分析 |
文件名 | {80BB1244-2B25-11E8-BBD3-525400DC3206}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{80BB1244-2B25-11E8-BBD3-525400DC3206}.dat
|
文件大小 | 4096 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | 92e6a79a0ffe5f28425a1e521af61fc1 |
SHA1 | d00baf8807af5b45db7893a192af56b9df7eb8ff |
SHA256 | 3258842a74705f535c48249c4c52022768b157140eca57c263fa8598ce03092b |
CRC32 | 9104DC36 |
Ssdeep | 12:rl0YmGFjrEgm8GL7KFo1rEgm8Gz7qPNlCgrNl26ao:rNG841G8JNlLrNlIo |
下载 提交魔盾安全分析 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
文件大小 | 32768 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
下载 提交魔盾安全分析 |
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 139104 |
---|---|
Mongo ID | 5aaf2ef32e06336c431e8f79 |
Cuckoo release | 1.4-Maldun |