分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-1 | 2018-11-19 14:47:32 | 2018-11-19 14:49:56 | 144 秒 |
魔盾分数
3.55
可疑的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> https://www.wisevector.com/ |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 203.208.41.47 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| www.gstatic.com |
A 203.208.41.55 A 203.208.41.63 A 203.208.41.56 A 203.208.41.47 |
摘要
登录查看详细行为信息WHOIS 信息
Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None
Orginization: None
Domain Name(s):
WISEVECTOR.COM
wisevector.com
Creation Date:
2017-12-05 03:54:01
2017-12-04 16:00:00
Updated Date:
2018-08-07 07:13:01
2018-07-20 05:21:44
Expiration Date:
2019-12-05 03:54:01
2019-12-04 16:00:00
Email(s):
supervision@xinnet.com
Registrar(s):
XINNET TECHNOLOGY CORPORATION
Name Server(s):
F1G1NS1.DNSPOD.NET
F1G1NS2.DNSPOD.NET
f1g1ns1.dnspod.net
f1g1ns2.dnspod.net
Referral URL(s):
None
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 203.208.41.47 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49196 | 203.208.41.47 www.gstatic.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 60891 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| www.gstatic.com |
A 203.208.41.55 A 203.208.41.63 A 203.208.41.56 A 203.208.41.47 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49196 | 203.208.41.47 www.gstatic.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 60891 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2018-11-19 14:48:01.448150+0800 | 192.168.122.201 | 49196 | 203.208.41.47 | 443 | TLS 1.1 | C=US, O=Google Trust Services, CN=Google Internet Authority G3 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | fd:85:80:08:94:28:7b:0e:2f:13:06:09:d7:fd:f0:23:40:7c:e4:34 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | 000038.sst |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000038.sst
|
| 文件大小 | 230 字节 |
| 文件类型 | data |
| MD5 | 984882979b50bf9b955ddc4f418b714a |
| SHA1 | 9ec5ff48a604f88b775fd2e43f13d45e9ea13430 |
| SHA256 | 9abb44496f801b2e1ef1a976dfc70d0f5d057f84b9f2ce656a7b97a96dbbad77 |
| CRC32 | ADB1CD15 |
| Ssdeep | 3:PEGH/lTbT4RjQdcR6bU1btl21UC6mWnm2XRAYellgylmbcstlkDRuWl2SKktT17:8Gl31dcR31bc8m4Z6zyPXXWuktTd |
| 下载 提交魔盾安全分析 |
| 文件名 | History Index 2018-08-journal |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\History Index 2018-08-journal
|
| 文件大小 | 41552 字节 |
| 文件类型 | data |
| MD5 | c9223bd997cb9ecb363618e426b942f7 |
| SHA1 | 117802aa9cc5fd7f536a68cd5c398199cddfab84 |
| SHA256 | 118e612d2bcdedcec58d80cfb1a32ca41e289eec5cf2002e729eac04b8745665 |
| CRC32 | 9D7143C7 |
| Ssdeep | 384:pTCfkTdW06j3UVfTgTryqFJwE0YsBh7QwV4alY2qICoCmsAySpfahj:zTdW0rfTzEHSn8fa6DpKsE8hj |
| 下载 提交魔盾安全分析 |
| 文件名 | 694C.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\694C.tmp
|
| 文件大小 | 1 字节 |
| 文件类型 | very short file (no magic) |
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| CRC32 | 0ED4E242 |
| Ssdeep | 3:L:L |
| 下载 提交魔盾安全分析 |
| 文件名 | MANIFEST-000001 |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
|
| 文件大小 | 41 字节 |
| 文件类型 | PGP\011Secret Key - |
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| CRC32 | 7B501CA0 |
| Ssdeep | 3:scoBAIxQRDKIVjn:scoBY7jn |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-06 23:37:10 查看分析报告 |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 49.428 seconds )
- 24.961 BehaviorAnalysis
- 11.836 Suricata
- 9.467 NetworkAnalysis
- 3.009 Static
- 0.093 AnalysisInfo
- 0.041 Debug
- 0.018 Dropped
- 0.003 Memory
Signatures ( 9.341 seconds )
- 1.32 api_spamming
- 1.279 stealth_timeout
- 0.952 mimics_filetime
- 0.569 antiav_detectreg
- 0.492 stealth_file
- 0.49 antivm_generic_disk
- 0.479 md_bad_drop
- 0.465 virus
- 0.405 bootkit
- 0.336 antivm_generic_scsi
- 0.251 hancitor_behavior
- 0.228 infostealer_ftp
- 0.21 antivm_generic_services
- 0.199 anormaly_invoke_kills
- 0.129 infostealer_im
- 0.125 injection_createremotethread
- 0.112 stack_pivot
- 0.102 antiav_detectfile
- 0.079 injection_runpe
- 0.076 infostealer_mail
- 0.075 infostealer_bitcoin
- 0.048 ransomware_extensions
- 0.045 rat_luminosity
- 0.041 injection_explorer
- 0.041 antivm_vbox_files
- 0.034 kibex_behavior
- 0.032 ransomware_files
- 0.031 vawtrak_behavior
- 0.029 betabot_behavior
- 0.028 antivm_parallels_keys
- 0.028 antivm_xen_keys
- 0.028 darkcomet_regkeys
- 0.025 geodo_banking_trojan
- 0.024 recon_fingerprint
- 0.023 process_needed
- 0.019 antivm_generic_diskreg
- 0.019 md_domain_bl
- 0.017 kovter_behavior
- 0.017 rat_pcclient
- 0.016 antisandbox_productid
- 0.015 md_url_bl
- 0.014 network_tor
- 0.014 infostealer_browser_password
- 0.013 hawkeye_behavior
- 0.013 antivm_vbox_window
- 0.012 ransomware_message
- 0.012 ipc_namedpipe
- 0.012 antisandbox_script_timer
- 0.011 anomaly_persistence_autorun
- 0.011 h1n1_behavior
- 0.011 securityxploded_modules
- 0.01 sets_autoconfig_url
- 0.01 antivm_vbox_keys
- 0.01 antivm_vmware_keys
- 0.009 bypass_firewall
- 0.009 antivm_xen_keys
- 0.009 antivm_hyperv_keys
- 0.009 antivm_vbox_acpi
- 0.009 antivm_vpc_keys
- 0.009 packer_armadillo_regkey
- 0.008 antiemu_wine_func
- 0.008 antivm_vbox_libs
- 0.008 kazybot_behavior
- 0.008 antivm_generic_system
- 0.008 antivm_vmware_files
- 0.008 recon_programs
- 0.007 antivm_generic_bios
- 0.007 antivm_generic_cpu
- 0.007 codelux_behavior
- 0.006 rat_nanocore
- 0.006 deletes_self
- 0.006 disables_wfp
- 0.006 sniffer_winpcap
- 0.005 disables_spdy
- 0.005 TrickBotTaskDelete
- 0.004 removes_zoneid_ads
- 0.004 tinba_behavior
- 0.004 antiav_avast_libs
- 0.004 antisandbox_sunbelt_libs
- 0.004 shifu_behavior
- 0.004 exec_crash
- 0.004 antivm_vpc_files
- 0.004 targeted_flame
- 0.004 network_tor_service
- 0.003 upatre_behavior
- 0.003 infostealer_browser
- 0.003 antisandbox_sboxie_libs
- 0.003 antiav_bitdefender_libs
- 0.003 ransomware_file_modifications
- 0.003 cerber_behavior
- 0.003 banker_cridex
- 0.003 disables_browser_warn
- 0.003 network_torgateway
- 0.002 network_anomaly
- 0.002 antivm_vmware_libs
- 0.002 spreading_autoruninf
- 0.002 antisandbox_sunbelt_files
- 0.002 browser_security
- 0.002 spreading_autoruninf
- 0.002 stealth_web_history
- 0.001 dridex_behavior
- 0.001 stealth_network
- 0.001 ursnif_behavior
- 0.001 modifies_hostfile
- 0.001 antisandbox_fortinet_files
- 0.001 antisandbox_joe_anubis_files
- 0.001 antisandbox_threattrack_files
- 0.001 antivm_vbox_devices
- 0.001 antiemu_wine_reg
- 0.001 banker_zeus_mutex
- 0.001 bitcoin_opencl
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 ie_martian_children
- 0.001 ransomware_radamant
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 whois_create
Reporting ( 0.0 seconds )
| Task ID | 215006 |
|---|---|
| Mongo ID | 5bf25daa2e06334ae26c8ce7 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号