分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-06-21 12:38:34 | 2019-06-21 12:41:02 | 148 秒 |
魔盾分数
5.32
可疑的
文件详细信息
| 文件名 | 闪电活动助手 科学刀v2.9.5.zip ==> \xc9\xc1\xb5\xe7\xbb\xee\xb6\xaf\xd6\xfa\xca\xd6 \xbf\xc6\xd1\xa7\xb5\xb6v2.9.5.exe |
|---|---|
| 文件大小 | 3061248 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 69c00ab4993ba2fdf491adacc4a9a24d |
| SHA1 | 77eee8c90f7de438755021981d0baf487486a429 |
| SHA256 | be8049cf372c1b90f17722887d046062a1eb456e5f49592ee87bbd1b71f4907e |
| SHA512 | b303f56fd6de8251c1bab64afb6f4c646d9dfee2e21e9f84c62d0d92721a8cd48823a8c52c7ed6e400fbbc79b58dfef0debf6144e4fab055ba2f6e5bb8a611d8 |
| CRC32 | 84C91829 |
| Ssdeep | 49152:MwPIqC/8KQGQ6G7DLUDVjwCqRH/E5qXkcRQSmGtFuC8LGQkk3YkKV30X2VwIyF9D:M0Iqg3CYg/3XHG5GvDi3imrI4G2v/ |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 46.232.249.248 | 未知 | |
| 否 | 47.98.44.57 | 中国 | |
| 否 | 59.111.179.136 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息v2.9.5.exeup+
pvf56)M
6,_B_
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 46.232.249.248 | 未知 | |
| 否 | 47.98.44.57 | 中国 | |
| 否 | 59.111.179.136 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49164 | 46.232.249.248 s2.ax1x.com | 443 |
| 192.168.122.201 | 49161 | 47.98.44.57 www.shandian22.com | 443 |
| 192.168.122.201 | 49162 | 47.98.44.57 www.shandian22.com | 1433 |
| 192.168.122.201 | 49163 | 59.111.179.136 note.youdao.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 58181 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61698 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62233 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49164 | 46.232.249.248 s2.ax1x.com | 443 |
| 192.168.122.201 | 49161 | 47.98.44.57 www.shandian22.com | 443 |
| 192.168.122.201 | 49162 | 47.98.44.57 www.shandian22.com | 1433 |
| 192.168.122.201 | 49163 | 59.111.179.136 note.youdao.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 58181 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61698 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62233 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2019-06-21 12:39:20.338813+0800 | 192.168.122.201 | 49162 | 47.98.44.57 | 1433 | TCP | 2013410 | ET POLICY Outbound MSSQL Connection to Standard port (1433) | Potentially Bad Traffic |
| 2019-06-21 12:40:51.210548+0800 | 192.168.122.201 | 49162 | 47.98.44.57 | 1433 | TCP | 2013410 | ET POLICY Outbound MSSQL Connection to Standard port (1433) | Potentially Bad Traffic |
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2019-06-21 12:39:18.131579+0800 | 192.168.122.201 | 49161 | 47.98.44.57 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=www.shandian22.com | e4:b4:87:b1:b2:26:d2:fc:6d:5e:aa:1d:8e:46:f9:73:0b:13:a7:5b |
| 2019-06-21 12:39:21.259725+0800 | 192.168.122.201 | 49163 | 59.111.179.136 | 443 | TLSv1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018 | C=CN, L=北京, O=网易有道信息技术(北京)有限公司, OU=IT Dept, CN=*.youdao.com | 04:f2:63:7a:49:7d:bf:24:bc:c8:86:05:6a:7b:3d:d5:bd:f0:00:1f |
| 2019-06-21 12:39:24.062092+0800 | 192.168.122.201 | 49164 | 46.232.249.248 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | OU=Domain Control Validated, CN=*.ax1x.com | 26:e9:5c:f6:5b:40:2e:a9:2d:7e:f5:eb:60:18:df:e6:94:c0:17:4d |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | \xc9\xc1\xb5\xe7\xbb\xee\xb6\xaf\xd6\xfa\xca\xd6 \xbf\xc6\xd1\xa7\xb5\xb6v2.9.5.exe |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\zip-tmp\\xe9\x97\xaa\xe7\x94\xb5\xe6\xb4\xbb\xe5\x8a\xa8\xe5\x8a\xa9\xe6\x89\x8b \xe7\xa7\x91\xe5\xad\xa6\xe5\x88\x80v2.9.5.exe
|
| 文件大小 | 3061248 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 69c00ab4993ba2fdf491adacc4a9a24d |
| SHA1 | 77eee8c90f7de438755021981d0baf487486a429 |
| SHA256 | be8049cf372c1b90f17722887d046062a1eb456e5f49592ee87bbd1b71f4907e |
| CRC32 | 84C91829 |
| Ssdeep | 49152:MwPIqC/8KQGQ6G7DLUDVjwCqRH/E5qXkcRQSmGtFuC8LGQkk3YkKV30X2VwIyF9D:M0Iqg3CYg/3XHG5GvDi3imrI4G2v/ |
| 下载 提交魔盾安全分析 |
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 29.648 seconds )
- 15.542 Suricata
- 6.35 NetworkAnalysis
- 3.7 TargetInfo
- 2.082 VirusTotal
- 1.648 BehaviorAnalysis
- 0.166 Dropped
- 0.133 AnalysisInfo
- 0.022 Strings
- 0.003 Memory
- 0.002 Static
Signatures ( 0.926 seconds )
- 0.147 antiav_detectreg
- 0.084 api_spamming
- 0.071 stealth_timeout
- 0.065 stealth_decoy_document
- 0.055 infostealer_ftp
- 0.031 antianalysis_detectreg
- 0.031 infostealer_im
- 0.03 md_domain_bl
- 0.022 antidbg_windows
- 0.021 md_url_bl
- 0.02 antivm_generic_scsi
- 0.018 kovter_behavior
- 0.018 infostealer_mail
- 0.016 antiemu_wine_func
- 0.016 infostealer_browser_password
- 0.015 antivm_generic_services
- 0.015 antiav_detectfile
- 0.013 anormaly_invoke_kills
- 0.01 antivm_vbox_libs
- 0.009 infostealer_bitcoin
- 0.008 anomaly_persistence_autorun
- 0.008 kibex_behavior
- 0.008 ransomware_extensions
- 0.008 ransomware_files
- 0.007 betabot_behavior
- 0.007 antivm_parallels_keys
- 0.007 antivm_xen_keys
- 0.007 geodo_banking_trojan
- 0.007 darkcomet_regkeys
- 0.006 mimics_filetime
- 0.005 reads_self
- 0.005 exec_crash
- 0.005 antivm_generic_diskreg
- 0.005 antivm_vbox_files
- 0.005 network_torgateway
- 0.004 bootkit
- 0.004 dridex_behavior
- 0.004 stealth_file
- 0.004 antivm_vbox_window
- 0.004 antisandbox_sunbelt_libs
- 0.004 antivm_generic_disk
- 0.004 disables_browser_warn
- 0.004 recon_fingerprint
- 0.003 tinba_behavior
- 0.003 antiav_avast_libs
- 0.003 antisandbox_sboxie_libs
- 0.003 antiav_bitdefender_libs
- 0.003 virus
- 0.003 maldun_suspicious
- 0.003 packer_armadillo_regkey
- 0.002 rat_nanocore
- 0.002 infostealer_browser
- 0.002 antivm_vmware_libs
- 0.002 shifu_behavior
- 0.002 cerber_behavior
- 0.002 antisandbox_script_timer
- 0.002 hancitor_behavior
- 0.002 bypass_firewall
- 0.002 antidbg_devices
- 0.002 antisandbox_productid
- 0.002 antivm_xen_keys
- 0.002 antivm_hyperv_keys
- 0.002 antivm_vbox_acpi
- 0.002 antivm_vbox_keys
- 0.002 antivm_vmware_keys
- 0.002 antivm_vpc_keys
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 md_bad_drop
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 network_anomaly
- 0.001 injection_createremotethread
- 0.001 sets_autoconfig_url
- 0.001 stealth_network
- 0.001 ursnif_behavior
- 0.001 kazybot_behavior
- 0.001 heapspray_js
- 0.001 ransomeware_modifies_desktop_wallpaper
- 0.001 dyre_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 codelux_behavior
- 0.001 malicious_drop_executable_file_to_temp_folder
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_programs
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.42 seconds )
- 0.979 ReportHTMLSummary
- 0.441 Malheur
| Task ID | 313647 |
|---|---|
| Mongo ID | 5d0c600f2f8f2e42505e3b74 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号