魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
URL	2020-02-16 09:17:32	2020-02-16 09:19:53	141 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-hpdapp01-1	win7-sp1-x64-hpdapp01-1	KVM	2020-02-16 09:17:33	2020-02-16 09:19:54

魔盾分数
10.0 恶意的

URL信息

URL	http://61.147.103.121:6003/index.html
VirusTotal	VirusTotal查询失败

特征

生成可疑网络流量，可能被用来进行恶意活动

signature: ET POLICY Outdated Flash Version M1

signature: ET CURRENT_EVENTS Suspicious SWF filename movie(dot)swf in doc root

signature: ET CURRENT_EVENTS HT SWF Exploit RIP M2

运行截图

网络分析

TCP连接

IP地址	端口
61.147.103.121	6003

HTTP请求

URL	HTTP数据
http://61.147.103.121:6003/index.html	GET /index.html HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 61.147.103.121:6003 Connection: Keep-Alive
http://61.147.103.121:6003/movie.swf	GET /movie.swf HTTP/1.1 Accept: / Accept-Language: zh-CN Referer: http://61.147.103.121:6003/index.html x-flash-version: 24,0,0,194 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 61.147.103.121:6003 Connection: Keep-Alive Cookie: HFS_SID=0.728106952039525
http://61.147.103.121:6003/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 61.147.103.121:6003 Connection: Keep-Alive Cookie: HFS_SID=0.728106952039525

URL

HTTP数据

http://61.147.103.121:6003/index.html

GET /index.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 61.147.103.121:6003
Connection: Keep-Alive

http://61.147.103.121:6003/movie.swf

GET /movie.swf HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://61.147.103.121:6003/index.html
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 61.147.103.121:6003
Connection: Keep-Alive
Cookie: HFS_SID=0.728106952039525

http://61.147.103.121:6003/favicon.ico

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 61.147.103.121:6003
Connection: Keep-Alive
Cookie: HFS_SID=0.728106952039525

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

无信息

访问的文件 无信息

读取的文件 无信息

修改的文件 无信息

删除的文件 无信息

注册表键 无信息

读取的注册表键 无信息

修改的注册表键 无信息

删除的注册表键 无信息

API解析 无信息