分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-1 | 2018-07-18 13:52:46 | 2018-07-18 13:55:26 | 160 秒 |
魔盾分数
1.65
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> http://192.99.142.248:8220/mr.sh |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 192.99.142.248 | 加拿大 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息WHOIS 信息
| 防病毒引擎/厂商 | 网站安全分析 |
|---|---|
| CLEAN MX | Clean Site |
| DNS8 | Clean Site |
| VX Vault | Clean Site |
| ZDB Zeus | Clean Site |
| Tencent | Clean Site |
| Netcraft | Unrated Site |
| desenmascara_me | Clean Site |
| Dr_Web | Clean Site |
| PhishLabs | Unrated Site |
| Zerofox | Clean Site |
| K7AntiVirus | Clean Site |
| Virusdie External Site Scan | Clean Site |
| SCUMWARE_org | Clean Site |
| Quttera | Clean Site |
| AegisLab WebGuard | Clean Site |
| MalwareDomainList | Clean Site |
| ZeusTracker | Clean Site |
| zvelo | Clean Site |
| Google Safebrowsing | Clean Site |
| Kaspersky | Unrated Site |
| BitDefender | Malware Site |
| Certly | Clean Site |
| G-Data | Clean Site |
| C-SIRT | Clean Site |
| OpenPhish | Clean Site |
| Malware Domain Blocklist | Clean Site |
| MalwarePatrol | Clean Site |
| Webutation | Clean Site |
| Trustwave | Clean Site |
| Web Security Guard | Clean Site |
| CyRadar | Clean Site |
| ADMINUSLabs | Clean Site |
| Malwarebytes hpHosts | Clean Site |
| Opera | Clean Site |
| AlienVault | Clean Site |
| Emsisoft | Clean Site |
| Malc0de Database | Clean Site |
| Spam404 | Clean Site |
| Phishtank | Clean Site |
| Malwared | Clean Site |
| Avira | Clean Site |
| NotMining | Unrated Site |
| CyberCrime | Clean Site |
| Antiy-AVL | Clean Site |
| Forcepoint ThreatSeeker | Clean Site |
| FraudSense | Clean Site |
| malwares_com URL checker | Clean Site |
| Comodo Site Inspector | Clean Site |
| Malekal | Clean Site |
| ESET | Clean Site |
| Sophos | Malicious Site |
| Yandex Safebrowsing | Clean Site |
| SecureBrain | Clean Site |
| Nucleon | Clean Site |
| Sucuri SiteCheck | Clean Site |
| Blueliv | Clean Site |
| ZCloudsec | Clean Site |
| AutoShun | Unrated Site |
| ThreatHive | Clean Site |
| FraudScore | Clean Site |
| Rising | Clean Site |
| URLQuery | Unrated Site |
| StopBadware | Unrated Site |
| Fortinet | Clean Site |
| ZeroCERT | Clean Site |
| Baidu-International | Clean Site |
| securolytics | Clean Site |
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 192.99.142.248 | 加拿大 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 192.99.142.248 | 8220 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 57651 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 192.99.142.248 | 8220 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 57651 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://192.99.142.248:8220/mr.sh | GET /mr.sh HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=24&ved=0CCEQfjaWN4Z0pGSER5QVF5cnhweHVN&url=http%3A%2F%2F192.99.142.248%3A8220%2Fmr.sh&ei=c3lyUWdIYUlBc1Bz&usg=AFQjYnF6dXh3RVdZc3VZ Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 192.99.142.248:8220 Connection: Keep-Alive |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | JavaDeployReg.log |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
|
| 文件大小 | 1068 字节 |
| 文件类型 | ASCII text, with CRLF line terminators |
| MD5 | c5052664272c0f3f1d0827fe982161a9 |
| SHA1 | 30d6c6c88729388fbe9206f5c62e807866bee8ea |
| SHA256 | a87ffe4c4359ec31ea774368ac12c8590b4d0658a82261bb816c12efee1f0423 |
| CRC32 | 4C73C011 |
| Ssdeep | 24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1S6y5h:odn9LnnMruA8XlZQfU78Tc49PX/+A6y3 |
| 下载 提交魔盾安全分析 显示文本 | |
[2017/06/01 16:29:23.649] Latest deploy version: [2017/06/01 16:29:23.649] 11.121.2 [2017/06/01 16:30:14.832] Latest deploy version: [2017/06/01 16:30:14.832] 11.121.2 [2017/06/01 16:40:25.052] Latest deploy version: [2017/06/01 16:40:25.052] 11.121.2 [2017/06/08 18:03:28.677] Latest deploy version: [2017/06/08 18:03:28.677] 11.121.2 [2017/06/08 18:15:11.176] Latest deploy version: [2017/06/08 18:15:11.176] 11.121.2 [2017/06/08 18:17:04.791] Latest deploy version: [2017/06/08 18:17:04.791] 11.121.2 [2017/09/01 16:11:55.188] Latest deploy version: [2017/09/01 16:11:55.188] 11.121.2 [2017/09/01 20:28:25.900] Latest deploy version: [2017/09/01 20:28:25.900] 11.121.2 [2017/09/01 22:02:42.198] Latest deploy version: [2017/09/01 22:02:42.198] 11.121.2 [2017/09/03 00:16:45.426] Latest deploy version: [2017/09/03 00:16:45.426] 11.121.2 [2017/09/03 11:22:53.307] Latest deploy version: [2017/09/03 11:22:53.307] 11.121.2 [2018/07/18 14:54:15.078] Latest deploy version: [2018/07/18 14:54:15.078] 11.121.2 |
|
| 文件名 | frameiconcache.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
|
| 文件大小 | 9148 字节 |
| 文件类型 | data |
| MD5 | e68c4bec159f7493a13d86b7d9074df5 |
| SHA1 | 725c8ce3ba9bebc2a0844d61750794ba04c92746 |
| SHA256 | aff960513d890aaca6cfc7cf215538b734388dbdebdc8deb7743297d03311f62 |
| CRC32 | E0D01FBC |
| Ssdeep | 12:vc6l1QF6vEMXAt+prwMk6IJFJy8JTX8JHK8JKcFn8J8YHK8Z6A1JoRyUZdpwpGeq:RqcEMXIgrARicaAVrrU |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-17 08:00:32 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | {D16CC204-8A4E-11E8-A5BE-5254008A4709}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D16CC204-8A4E-11E8-A5BE-5254008A4709}.dat
|
| 文件大小 | 4096 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | ad35d65009e18ed76aaf2530893c27a3 |
| SHA1 | fce53f65e841257ebd13a264a2766b188147b43a |
| SHA256 | 718d49ecc846487280c41d480ed512866cf70b0d49556f9cab15cbb11a97070f |
| CRC32 | 12348CAC |
| Ssdeep | 12:rl0YmGFufrEgm8GL7KF70rEgm8Gz7qPNlCgrNl26ao:rQfG8L0G8JNlLrNlIo |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{D16CC203-8A4E-11E8-A5BE-5254008A4709}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D16CC203-8A4E-11E8-A5BE-5254008A4709}.dat
|
| 文件大小 | 5120 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 4ab6a8eff9a85938b2949872a539c881 |
| SHA1 | 310e09003be39a1628ff7272adc63e9965d40884 |
| SHA256 | 948eb9201f4cf97efefec0bd38ed7dd388d44f79f3dc2748274eac75c4688e06 |
| CRC32 | 7739F0EA |
| Ssdeep | 12:rl0oGF29TrEgmZ+IaCrI0CIc8GbiF2YrEg5+IaCrI0CI7uoeMiqI77vNlTqo6F4n:rL9TG5/k8yY5/OMkNlWoaQNlWo |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0ee0d92f5ad9cd4d354a120734ae8e5e |
| SHA1 | a3d2338356b933a1240f053b89efe7f1b5e63353 |
| SHA256 | bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771 |
| CRC32 | 36F430F7 |
| Ssdeep | 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 26.57 seconds )
- 11.905 Suricata
- 5.258 BehaviorAnalysis
- 4.085 NetworkAnalysis
- 3.746 Static
- 1.185 VirusTotal
- 0.321 AnalysisInfo
- 0.05 Dropped
- 0.017 Debug
- 0.003 Memory
Signatures ( 7.741 seconds )
- 2.068 md_url_bl
- 1.734 antiav_detectreg
- 0.643 md_bad_drop
- 0.574 infostealer_ftp
- 0.356 antianalysis_detectreg
- 0.32 infostealer_im
- 0.241 stealth_timeout
- 0.182 antivm_generic_scsi
- 0.182 infostealer_mail
- 0.177 api_spamming
- 0.132 antivm_generic_services
- 0.09 antivm_parallels_keys
- 0.09 antivm_xen_keys
- 0.09 darkcomet_regkeys
- 0.086 kibex_behavior
- 0.065 geodo_banking_trojan
- 0.061 betabot_behavior
- 0.059 antivm_generic_diskreg
- 0.039 stealth_file
- 0.037 antivm_generic_disk
- 0.032 antivm_vmware_keys
- 0.031 antivm_vbox_keys
- 0.03 antivm_hyperv_keys
- 0.029 antivm_xen_keys
- 0.029 antivm_vbox_acpi
- 0.029 antivm_vpc_keys
- 0.029 bypass_firewall
- 0.029 packer_armadillo_regkey
- 0.027 mimics_filetime
- 0.026 virus
- 0.022 bootkit
- 0.015 md_domain_bl
- 0.013 antiav_detectfile
- 0.01 hancitor_behavior
- 0.01 persistence_autorun
- 0.009 stack_pivot
- 0.009 infostealer_bitcoin
- 0.007 antiemu_wine_func
- 0.007 ransomware_files
- 0.006 kovter_behavior
- 0.006 ransomware_extensions
- 0.005 infostealer_browser_password
- 0.005 antidbg_windows
- 0.005 antiemu_wine_reg
- 0.005 antivm_vbox_files
- 0.005 recon_fingerprint
- 0.004 rat_luminosity
- 0.004 antivm_vbox_libs
- 0.004 disables_browser_warn
- 0.003 tinba_behavior
- 0.003 rat_nanocore
- 0.003 antiav_avast_libs
- 0.003 injection_createremotethread
- 0.003 ransomware_message
- 0.003 antisandbox_productid
- 0.003 browser_security
- 0.002 dridex_behavior
- 0.002 antisandbox_sunbelt_libs
- 0.002 exec_crash
- 0.002 vawtrak_behavior
- 0.002 cerber_behavior
- 0.002 injection_runpe
- 0.002 antidbg_devices
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_cpu
- 0.002 antivm_generic_system
- 0.002 recon_programs
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 persistence_bootexecute
- 0.001 antivm_vmware_libs
- 0.001 antivm_vbox_window
- 0.001 modifies_desktop_wallpaper
- 0.001 Locky_behavior
- 0.001 kazybot_behavior
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 shifu_behavior
- 0.001 ursnif_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 codelux_behavior
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 ie_martian_children
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 targeted_flame
Reporting ( 0.641 seconds )
- 0.641 ReportHTMLSummary
| Task ID | 170933 |
|---|---|
| Mongo ID | 5b4ed68a2e063307d8338fd3 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号