分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-2 | 2018-11-19 14:49:00 | 2018-11-19 14:51:25 | 145 秒 |
魔盾分数
1.95
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> https://www.laomoit.com/ |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 203.208.41.175 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| www.gstatic.com |
A 203.208.41.175 A 203.208.41.191 A 203.208.41.184 A 203.208.41.183 |
摘要
登录查看详细行为信息WHOIS 信息
Name: None
Country: SG
State: xinjiapo
City: None
ZIP Code: None
Address: None
Orginization: None
Domain Name(s):
LAOMOIT.COM
laomoit.com
Creation Date:
2018-05-10 06:23:24
Updated Date:
2018-11-19 06:26:21
2018-09-04 04:22:04
Expiration Date:
2020-05-10 06:23:24
Email(s):
abuse@godaddy.com
Registrar(s):
GoDaddy.com, LLC
Name Server(s):
LV3NS1.FFDNS.NET
LV3NS2.FFDNS.NET
LV3NS3.FFDNS.NET
LV3NS4.FFDNS.NET
Referral URL(s):
None
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 203.208.41.175 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49199 | 203.208.41.175 www.gstatic.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 51869 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| www.gstatic.com |
A 203.208.41.175 A 203.208.41.191 A 203.208.41.184 A 203.208.41.183 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49199 | 203.208.41.175 www.gstatic.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 51869 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2018-11-19 14:49:33.715813+0800 | 192.168.122.202 | 49199 | 203.208.41.175 | 443 | TLS 1.1 | C=US, O=Google Trust Services, CN=Google Internet Authority G3 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com | fd:85:80:08:94:28:7b:0e:2f:13:06:09:d7:fd:f0:23:40:7c:e4:34 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | 000038.sst |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000038.sst
|
| 文件大小 | 230 字节 |
| 文件类型 | data |
| MD5 | 984882979b50bf9b955ddc4f418b714a |
| SHA1 | 9ec5ff48a604f88b775fd2e43f13d45e9ea13430 |
| SHA256 | 9abb44496f801b2e1ef1a976dfc70d0f5d057f84b9f2ce656a7b97a96dbbad77 |
| CRC32 | ADB1CD15 |
| Ssdeep | 3:PEGH/lTbT4RjQdcR6bU1btl21UC6mWnm2XRAYellgylmbcstlkDRuWl2SKktT17:8Gl31dcR31bc8m4Z6zyPXXWuktTd |
| 下载 提交魔盾安全分析 |
| 文件名 | 5791.tmp |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\5791.tmp
|
| 文件大小 | 1 字节 |
| 文件类型 | very short file (no magic) |
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| CRC32 | 0ED4E242 |
| Ssdeep | 3:L:L |
| 下载 提交魔盾安全分析 |
| 文件名 | History Index 2018-08-journal |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\History Index 2018-08-journal
|
| 文件大小 | 41552 字节 |
| 文件类型 | data |
| MD5 | 4dc278fdf57e611329d08297dcf5d79d |
| SHA1 | a9f57fd5da42c4f8026c82060ecd04cee335a094 |
| SHA256 | 43e3bd50657e2c383227134224f6a631e3d068215cfaacdeeb6736141ff253a6 |
| CRC32 | C913584C |
| Ssdeep | 384:3T8fkTdW06j3UVfTPTryqFJwE0YsBhdQwV4alY2qIIoCmsAySpfahy:LTdW0rfT6EHSnmfa6DHKsE8hy |
| 下载 提交魔盾安全分析 |
| 文件名 | MANIFEST-000001 |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
|
| 文件大小 | 41 字节 |
| 文件类型 | PGP\011Secret Key - |
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| CRC32 | 7B501CA0 |
| Ssdeep | 3:scoBAIxQRDKIVjn:scoBY7jn |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-06 23:37:10 查看分析报告 |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 32.881 seconds )
- 12.905 Suricata
- 9.667 BehaviorAnalysis
- 8.214 NetworkAnalysis
- 1.982 Static
- 0.058 AnalysisInfo
- 0.034 Debug
- 0.018 Dropped
- 0.003 Memory
Signatures ( 4.986 seconds )
- 0.571 antiav_detectreg
- 0.491 api_spamming
- 0.463 stealth_timeout
- 0.42 md_bad_drop
- 0.378 mimics_filetime
- 0.256 stealth_file
- 0.248 antivm_generic_disk
- 0.238 virus
- 0.214 infostealer_ftp
- 0.21 bootkit
- 0.123 hancitor_behavior
- 0.122 infostealer_im
- 0.078 antivm_generic_scsi
- 0.07 infostealer_mail
- 0.064 antiav_detectfile
- 0.062 injection_createremotethread
- 0.055 stack_pivot
- 0.043 antivm_generic_services
- 0.043 infostealer_bitcoin
- 0.041 anormaly_invoke_kills
- 0.039 injection_runpe
- 0.035 ransomware_extensions
- 0.032 kibex_behavior
- 0.031 ransomware_files
- 0.029 antivm_xen_keys
- 0.029 darkcomet_regkeys
- 0.028 antivm_parallels_keys
- 0.027 recon_fingerprint
- 0.025 betabot_behavior
- 0.025 antivm_vbox_files
- 0.024 geodo_banking_trojan
- 0.022 rat_luminosity
- 0.02 injection_explorer
- 0.019 antivm_generic_diskreg
- 0.019 md_domain_bl
- 0.016 antisandbox_productid
- 0.016 md_url_bl
- 0.015 vawtrak_behavior
- 0.012 antivm_vmware_keys
- 0.012 rat_pcclient
- 0.011 process_needed
- 0.01 ipc_namedpipe
- 0.01 anomaly_persistence_autorun
- 0.01 kovter_behavior
- 0.01 antivm_vbox_keys
- 0.01 packer_armadillo_regkey
- 0.009 ransomware_message
- 0.009 infostealer_browser_password
- 0.009 bypass_firewall
- 0.009 antivm_xen_keys
- 0.009 antivm_hyperv_keys
- 0.009 antivm_vbox_acpi
- 0.009 antivm_vpc_keys
- 0.009 recon_programs
- 0.008 network_tor
- 0.008 sets_autoconfig_url
- 0.008 securityxploded_modules
- 0.008 antivm_generic_bios
- 0.008 antivm_generic_cpu
- 0.008 antivm_generic_system
- 0.007 hawkeye_behavior
- 0.006 antiemu_wine_func
- 0.006 antivm_vbox_window
- 0.006 antisandbox_script_timer
- 0.005 antivm_vbox_libs
- 0.005 rat_nanocore
- 0.005 kazybot_behavior
- 0.005 disables_wfp
- 0.005 h1n1_behavior
- 0.005 codelux_behavior
- 0.004 tinba_behavior
- 0.004 disables_spdy
- 0.004 antivm_vmware_files
- 0.004 network_torgateway
- 0.003 TrickBotTaskDelete
- 0.003 deletes_self
- 0.003 shifu_behavior
- 0.003 sniffer_winpcap
- 0.003 disables_browser_warn
- 0.002 removes_zoneid_ads
- 0.002 antiav_avast_libs
- 0.002 infostealer_browser
- 0.002 antisandbox_sunbelt_libs
- 0.002 exec_crash
- 0.002 ransomware_file_modifications
- 0.002 cerber_behavior
- 0.002 antivm_vpc_files
- 0.002 banker_cridex
- 0.002 browser_security
- 0.002 targeted_flame
- 0.002 network_tor_service
- 0.002 stealth_modify_uac_prompt
- 0.002 stealth_web_history
- 0.001 upatre_behavior
- 0.001 network_anomaly
- 0.001 dridex_behavior
- 0.001 antivm_vmware_libs
- 0.001 ursnif_behavior
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 ransomeware_modifies_desktop_wallpaper
- 0.001 spreading_autoruninf
- 0.001 antisandbox_fortinet_files
- 0.001 antisandbox_sunbelt_files
- 0.001 antiemu_wine_reg
- 0.001 banker_zeus_mutex
- 0.001 bitcoin_opencl
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 ie_martian_children
- 0.001 ransomware_radamant
- 0.001 rat_spynet
- 0.001 spreading_autoruninf
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_security_center_warnings
- 0.001 whois_create
Reporting ( 0.0 seconds )
| Task ID | 215009 |
|---|---|
| Mongo ID | 5bf25db82e06334ae36c8a2c |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号