分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-2 | 2018-03-19 12:36:46 | 2018-03-19 12:39:48 | 182 秒 |
魔盾分数
0.05
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> http://flare.jisusaiche.biz |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.28.21.78 | 美国 | |
| 否 | 27.148.139.192 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息WHOIS 信息
Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None
Orginization: None
Domain Name(s):
jisusaiche.biz
JISUSAICHE.BIZ
Creation Date:
None
Updated Date:
None
Expiration Date:
None
Email(s):
None
Registrar(s):
None
Name Server(s):
dana.ns.cloudflare.com
beau.ns.cloudflare.com
BEAU.NS.CLOUDFLARE.COM
DANA.NS.CLOUDFLARE.COM
Referral URL(s):
None
| 防病毒引擎/厂商 | 网站安全分析 |
|---|---|
| CLEAN MX | Clean Site |
| DNS8 | Clean Site |
| VX Vault | Clean Site |
| ZDB Zeus | Clean Site |
| Tencent | Clean Site |
| Netcraft | Unrated Site |
| desenmascara_me | Clean Site |
| Dr_Web | Clean Site |
| PhishLabs | Unrated Site |
| Zerofox | Clean Site |
| K7AntiVirus | Clean Site |
| Virusdie External Site Scan | Clean Site |
| SCUMWARE_org | Clean Site |
| Quttera | Clean Site |
| AegisLab WebGuard | Clean Site |
| MalwareDomainList | Clean Site |
| ZeusTracker | Clean Site |
| zvelo | Clean Site |
| Google Safebrowsing | Clean Site |
| Kaspersky | Clean Site |
| BitDefender | Clean Site |
| Certly | Clean Site |
| G-Data | Clean Site |
| C-SIRT | Clean Site |
| OpenPhish | Clean Site |
| Malware Domain Blocklist | Clean Site |
| MalwarePatrol | Clean Site |
| Webutation | Clean Site |
| Trustwave | Clean Site |
| Web Security Guard | Clean Site |
| CyRadar | Clean Site |
| ADMINUSLabs | Clean Site |
| Malwarebytes hpHosts | Clean Site |
| Opera | Clean Site |
| AlienVault | Clean Site |
| Emsisoft | Clean Site |
| Malc0de Database | Clean Site |
| Spam404 | Clean Site |
| Phishtank | Clean Site |
| Malwared | Clean Site |
| Avira | Clean Site |
| NotMining | Unrated Site |
| CyberCrime | Clean Site |
| Antiy-AVL | Clean Site |
| Forcepoint ThreatSeeker | Clean Site |
| FraudSense | Clean Site |
| malwares_com URL checker | Clean Site |
| Comodo Site Inspector | Clean Site |
| Malekal | Clean Site |
| ESET | Clean Site |
| Sophos | Unrated Site |
| Yandex Safebrowsing | Clean Site |
| SecureBrain | Clean Site |
| Nucleon | Clean Site |
| Sucuri SiteCheck | Clean Site |
| Blueliv | Clean Site |
| ZCloudsec | Clean Site |
| AutoShun | Unrated Site |
| ThreatHive | Clean Site |
| FraudScore | Clean Site |
| Rising | Clean Site |
| URLQuery | Unrated Site |
| StopBadware | Unrated Site |
| Fortinet | Clean Site |
| ZeroCERT | Clean Site |
| Baidu-International | Clean Site |
| securolytics | Clean Site |
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.28.21.78 | 美国 | |
| 否 | 27.148.139.192 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49161 | 104.28.21.78 flare.jisusaiche.biz | 80 |
| 192.168.122.202 | 49162 | 104.28.21.78 flare.jisusaiche.biz | 80 |
| 192.168.122.202 | 49166 | 27.148.139.192 www.microsoft.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 50040 | 192.168.122.1 | 53 |
| 192.168.122.202 | 52977 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56379 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49161 | 104.28.21.78 flare.jisusaiche.biz | 80 |
| 192.168.122.202 | 49162 | 104.28.21.78 flare.jisusaiche.biz | 80 |
| 192.168.122.202 | 49166 | 27.148.139.192 www.microsoft.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 50040 | 192.168.122.1 | 53 |
| 192.168.122.202 | 52977 | 192.168.122.1 | 53 |
| 192.168.122.202 | 56379 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://flare.jisusaiche.biz/ | GET / HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=19&ved=0CCEQfjaUhaY2JJU0RhTWNoZXRj&url=http%3A%2F%2Fflare.jisusaiche.biz&ei=ek5nUWh2SU1HR2Fa&usg=AFQjRHpER0FYT2Npb3ZB Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: flare.jisusaiche.biz Connection: Keep-Alive |
| URL专业沙箱检测 -> http://flare.jisusaiche.biz/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: flare.jisusaiche.biz Connection: Keep-Alive Cookie: __cfduid=da6778fc907343235d59d5a0bf462b2ba1521434271 |
| URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2018-03-19 12:39:01.769305+0800 | 27.148.139.192 | 80 | 192.168.122.202 | 49166 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | test@jisusaiche[1].txt |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@jisusaiche[1].txt
|
| 文件大小 | 116 字节 |
| 文件类型 | ASCII text |
| MD5 | a3f090c9055188c97f7039622bcce23c |
| SHA1 | 784551de11633116f98fac1e4252b66838c757e5 |
| SHA256 | 8097c6a3e3b027e84b50aace74fdb31c1bad6d9a33a6592d060f59b4d0ffb691 |
| CRC32 | 6CDD2759 |
| Ssdeep | 3:GmM/6SMZHI3dBWRscsfGgS7JCQoNBQFUxvX:XM/5g+WJsf8sQoNBQF4/ |
| 下载 提交魔盾安全分析 显示文本 | |
__cfduid da6778fc907343235d59d5a0bf462b2ba1521434271 jisusaiche.biz/ 9216 2193471872 30727693 2824322048 30654287 * |
|
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018031920180320\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 7896c4f69330082e2cf8759973bd2414 |
| SHA1 | 6dbacfeed13876900defcf11823462576f04f566 |
| SHA256 | e4791c69437f6d9b229ed61eda138b3b2140fd37edc9120793879ee4f146eb72 |
| CRC32 | 6CB5075D |
| Ssdeep | 6:qjyxXKCSBQ3Iu7SrFYB4WlN+XssfU3Iu7SdFYB4Wlz+Xssf:qjRpQ3ICWYaiN+rs3ICsYaiz+r |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
| SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
| SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
| CRC32 | BFF870C9 |
| Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
| 下载 提交魔盾安全分析 |
| 文件名 | favicon[1].ico |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\favicon[1].ico
|
| 文件大小 | 1150 字节 |
| 文件类型 | MS Windows icon resource - 1 icon, 16x16 |
| MD5 | eea497b7602f3f6a8764df09b0f28222 |
| SHA1 | 7bae94a7e1a9faad916afff4335b95b1c7db56c5 |
| SHA256 | 72f15faa8814bf2dba9bf5823120f602145ba5ecc59da412ea59d528861a2055 |
| CRC32 | 98BA455E |
| Ssdeep | 24:1QlO1Sp4Utxhg4gCde6jLraQoHIaV3Sc+FVq:W41G4Utzg4g8XqQra4jq |
| 下载 提交魔盾安全分析 |
| 文件名 | {271FE8A4-2B2F-11E8-BCEA-5254005E164C}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{271FE8A4-2B2F-11E8-BCEA-5254005E164C}.dat
|
| 文件大小 | 4608 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 7027437a43ad5f3f95b0264c733d3b61 |
| SHA1 | 60bbea55a1f901925835329a5390d257c6508800 |
| SHA256 | 96e403a6a641e5aee5e5284f7301b4e8f7c0dae332961fa35ad859f3b0319992 |
| CRC32 | CBD4092B |
| Ssdeep | 12:rlfFqyrEgmfR16FYrEgmf91qjNlYfOo3+/Nlk89oxMZklp:rGyGtGwNljowNlk8oKZk |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{271FE8A3-2B2F-11E8-BCEA-5254005E164C}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{271FE8A3-2B2F-11E8-BCEA-5254005E164C}.dat
|
| 文件大小 | 3584 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 00cc7f863f00e4311e172236aa5e88d5 |
| SHA1 | 90eb434a24feb75ebec27aea90591c134a4ce034 |
| SHA256 | 8655598bc12cec95b7eef820d83b31f4bdc7703509b3e4ff6b05491974e68e3a |
| CRC32 | 8B305411 |
| Ssdeep | 12:rl0YmGF29orEg5+IaCrI017+Fr1DrEgmf+IaCy8qgQNlTqo:rI9o5/+xGv/TQNlWo |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 24.002 seconds )
- 12.926 Suricata
- 6.907 NetworkAnalysis
- 1.442 BehaviorAnalysis
- 1.136 VirusTotal
- 1.128 Static
- 0.377 AnalysisInfo
- 0.042 Debug
- 0.041 Dropped
- 0.003 Memory
Signatures ( 3.541 seconds )
- 2.13 md_url_bl
- 0.372 md_bad_drop
- 0.22 antiav_detectreg
- 0.083 stealth_timeout
- 0.078 infostealer_ftp
- 0.061 api_spamming
- 0.049 antivm_generic_scsi
- 0.049 antianalysis_detectreg
- 0.045 infostealer_im
- 0.027 stealth_file
- 0.025 infostealer_mail
- 0.024 antivm_generic_services
- 0.019 md_domain_bl
- 0.014 antivm_generic_disk
- 0.014 antiav_detectfile
- 0.013 mimics_filetime
- 0.013 geodo_banking_trojan
- 0.012 betabot_behavior
- 0.012 vawtrak_behavior
- 0.011 kibex_behavior
- 0.011 antivm_xen_keys
- 0.011 darkcomet_regkeys
- 0.01 persistence_autorun
- 0.01 virus
- 0.01 antivm_parallels_keys
- 0.009 bootkit
- 0.009 infostealer_bitcoin
- 0.007 antiemu_wine_func
- 0.007 kovter_behavior
- 0.007 antivm_generic_diskreg
- 0.007 ransomware_files
- 0.006 andromeda_behavior
- 0.006 hancitor_behavior
- 0.006 infostealer_browser_password
- 0.006 antidbg_windows
- 0.006 antivm_vbox_files
- 0.006 ransomware_extensions
- 0.006 recon_fingerprint
- 0.005 dridex_behavior
- 0.005 disables_browser_warn
- 0.004 injection_createremotethread
- 0.004 Locky_behavior
- 0.004 antisandbox_productid
- 0.004 antivm_vbox_keys
- 0.004 antivm_vmware_keys
- 0.003 tinba_behavior
- 0.003 rat_nanocore
- 0.003 antivm_vbox_libs
- 0.003 antivm_vmware_events
- 0.003 injection_runpe
- 0.003 cryptowall_behavior
- 0.003 antivm_xen_keys
- 0.003 antivm_hyperv_keys
- 0.003 antivm_vbox_acpi
- 0.003 antivm_vpc_keys
- 0.003 browser_security
- 0.003 bypass_firewall
- 0.003 network_torgateway
- 0.003 packer_armadillo_regkey
- 0.002 antiav_avast_libs
- 0.002 stack_pivot
- 0.002 antisandbox_sunbelt_libs
- 0.002 dyre_behavior
- 0.002 shifu_behavior
- 0.002 exec_crash
- 0.002 cerber_behavior
- 0.002 antidbg_devices
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_cpu
- 0.002 antivm_generic_system
- 0.002 bot_drive
- 0.002 recon_programs
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 persistence_bootexecute
- 0.001 rat_luminosity
- 0.001 antivm_vmware_libs
- 0.001 antivm_vbox_window
- 0.001 injection_explorer
- 0.001 stealth_network
- 0.001 modifies_desktop_wallpaper
- 0.001 kazybot_behavior
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 ursnif_behavior
- 0.001 ispy_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 codelux_behavior
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 ie_martian_children
- 0.001 maldun_blacklist
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 targeted_flame
Reporting ( 0.687 seconds )
- 0.687 ReportHTMLSummary
| Task ID | 139121 |
|---|---|
| Mongo ID | 5aaf3f372e06336c621e9671 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号