
WildFire Analysis Report

Contents

1 File Information
2 Static Analysis
  2.1. Suspicious File Properties
  2.2. Archive File Properties
3 Dynamic Analysis
  3.1. VM1 (Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007)
    3.1.1. Behavioral Summary
    3.1.2. Network Activity
    3.1.3. Host Activity (Process Activity, Event Timeline)
  3.2. VM2 (Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office 2010)
    3.2.1. Behavioral Summary
    3.2.2. Network Activity
    3.2.3. Host Activity (Process Activity, Event Timeline)

1 File Information

File Type:             7zip Archive
File Signer:           (none)
SHA-256:               2965fa86fbf389e690ce4576ca6dbafe8da2988edf6fe1160250bed39922b807
SHA-1:                 a440be3a2d7a4f7d2b5a2f869ab5423c431fa7c7
MD5:                   d87ff7a8936fc1e789eb4f6ebf92e328
File Size:             437295 bytes
First Seen Timestamp:  2019-04-20 11:39:33 UTC
Verdict:               Malware
Antivirus Coverage:    VirusTotal information for this hash (linked in the original report)

The three hashes above identify the archive itself; the hash of the executable inside it is listed separately in section 2.2, and it is that inner hash, not the archive hash, that should be used when searching other sources for the payload.

2 Static Analysis

2.1. Suspicious File Properties

This file was statically analyzed and the items below are the suspicious properties that were found. Their presence caused the sample to be analyzed further in the virtual machine sandbox configurations described in section 3.

Archive contains executables
  This archive contains executables that could be malicious.

Archive contains known malware sample to WildFire
  The archive contains a file that WildFire has already classified as malicious. This is the property that decides the verdict: the Malware verdict in section 1 is inherited from the known member, independently of what the sandbox runs later observe.

2.2. Archive File Properties

This archive contained the following file, which received its own verdict.

File Name              SHA-256                                                           Verdict
play_99538678.mp4.com  8b4a78d8dab33787bb11ed242d9e6f9d05bb6850f8ac0fd31010dd1536e180b8  Malware

The member's real extension is .com, which Windows treats as an executable regardless of the .mp4 in front of it. Because Explorer hides the last extension of known file types by default, the file is shown to the user as "play_99538678.mp4" and looks like a video; opening it runs the program. The "Archive contains executables" property in section 2.1 is triggered by this member.
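The screening that fired on play_99538678.mp4.com can be reproduced over any archive listing. The block below is an added example written by this editor, not WildFire code: it classifies archive member names by the extension Windows will actually honour, flags the decoy-extension pattern seen here and the related right-to-left-override trick, and recomputes the MD5, SHA-1 and SHA-256 a report lists so a member's content can be matched against its reported SHA-256. Only the name play_99538678.mp4.com and its SHA-256 come from the report; every other member name and hash in the demonstration is constructed. Listing a real 7z archive needs a third-party library such as py7zr; its member-name list is the input to suspicious_members().

```python
"""Screen archive member names for disguised executables and verify hashes.

Added example (editor's own code, not WildFire's). Member names other than
play_99538678.mp4.com and all sample byte strings are constructed for the demo.
"""
import hashlib
import posixpath

# Extensions Windows runs directly on double-click (not exhaustive).
EXECUTABLE_EXTS = {
    ".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".msi", ".cpl",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".lnk",
}
# Extensions a recipient expects to be inert media or documents.
DECOY_EXTS = {
    ".mp4", ".avi", ".mkv", ".mp3", ".wav", ".jpg", ".jpeg", ".png", ".gif",
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt",
}
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: makes "invoice\u202efdp.exe" render as "invoiceexe.pdf"


def classify_member(name: str) -> dict:
    """Describe one member name: the extension Windows honours and the tricks it uses."""
    base = posixpath.basename(name.replace("\\", "/"))
    parts = base.replace(RTLO, "").lower().split(".")
    exts = ["." + p for p in parts[1:]]          # every dotted suffix, in order
    real_ext = exts[-1] if exts else ""
    executable = real_ext in EXECUTABLE_EXTS
    return {
        "name": name,
        "real_ext": real_ext,
        "executable": executable,
        # "video.mp4.com": Explorer hides the last extension, so the user sees "video.mp4"
        "decoy_extension": executable and len(exts) >= 2 and exts[-2] in DECOY_EXTS,
        "rtlo": RTLO in base,
    }


def suspicious_members(names):
    """Classification of every member Windows would execute or that uses RTLO."""
    return [v for v in map(classify_member, names) if v["executable"] or v["rtlo"]]


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a blob: the three hashes a WildFire report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, reported_sha256: str) -> bool:
    """True when a member's content has the SHA-256 the report attributes to it."""
    return digests(data)["sha256"] == reported_sha256.strip().lower()


if __name__ == "__main__":
    # Constructed member list; only the first name is from the report.
    listing = ["play_99538678.mp4.com", "readme.txt", "invoice\u202efdp.exe"]
    for verdict in suspicious_members(listing):
        print(verdict)
```

The check keys on the last extension after stripping the override character, because that is the only extension the shell consults; everything before it is presentation. A hit on `decoy_extension` or `rtlo` is worth escalating even when the executable itself is unknown to antivirus, since the naming is deliberate.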

3 Dynamic Analysis

Both sandbox runs below returned a benign verdict for play_99538678.mp4.com. The Malware verdict in section 1 therefore rests on the static match in section 2.1, not on behaviour observed in either VM. Quiet dynamic runs do not contradict the static verdict: a sample that detects the sandbox, waits for user interaction, or depends on a network resource that was unreachable from the VM shows exactly this profile.
3.1. VM1 (Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007)

The file analyzed in this machine is play_99538678.mp4.com.

3.1.1. Behavioral Summary

This sample was found to be benign on this virtual machine.

Behavior (the severity column in the original is an icon and was not captured)

Created or modified a file in the Windows system folder
  The Windows system folder contains configuration files and executables that control the underlying functions of the system. Malware often modifies the contents of this folder to manipulate the system, establish persistence, and avoid detection.

Created or modified a file
  Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files to deliver malicious payloads or maintain persistence on a system.

The file paths behind these two entries are not itemised in the Host Activity section below, which lists only registry and mutex events, so they cannot be assessed from this report alone.

3.1.2. Network Activity

DNS Queries

Domain Name      Query Type   DNS Response
www.google.com   A            216.58.195.68
google.com       NS           ns4.google.com
google.com       NS           ns3.google.com
google.com       NS           ns2.google.com
google.com       NS           ns1.google.com

No Connections table is present for this VM. The same google.com A and NS lookups appear in the VM2 run, which points to the sandbox's own connectivity check rather than to traffic originated by the sample; treat them as background noise unless the sample is shown to resolve them itself.

3.1.3. Host Activity

Process Activity

Process Name - sample.exe
(command: C:\documents and settings\administrator\sample.exe)

The sandbox executes the submitted member under the generic name sample.exe; as stated at the top of this section, the file behind this process is play_99538678.mp4.com.

Registry Activity

Registry Key                                                             Value   Action
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters    -       Create

Created Mutexes

Mutex Name
CTF.TimListCache.FMPDefaultS-1-5-21-515967899-776561741-1417001333-500MUTEX.DefaultS-1-5-21-515967899-776561741-1417001333-500

Event Timeline

1 Created Process C:\documents and settings\administrator\sample.exe
2 Created mutex CTF.TimListCache.FMPDefaultS-1-5-21-515967899-776561741-1417001333-500MUTEX.DefaultS-1-5-21-515967899-776561741-1417001333-500

Neither host event is an indicator on its own. The CTF.TimListCache.FMP... mutex is created by the Windows Text Services Framework (msctf.dll) in any process that initialises it, and the embedded SID ending in -500 is the sandbox's built-in Administrator account, not something the sample chose. Tcpip\Parameters already exists on every Windows installation, and a Create action with no value written is more consistent with a RegCreateKeyEx open during network-stack initialisation than with the sample adding a key. Both events are routinely seen from benign programs, which is why this VM's verdict is benign.

3.2. VM2 (Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office 2010)

The file analyzed in this machine is play_99538678.mp4.com.

3.2.1. Behavioral Summary

This sample was found to be benign on this virtual machine.

Behavior (the severity column in the original is an icon and was not captured)

Created or modified a file
  Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files to deliver malicious payloads or maintain persistence on a system.

3.2.2. Network Activity

DNS Queries

Domain Name                 Query Type    DNS Response
google.com                  NS            ns4.google.com
google.com                  NS            ns3.google.com
teredo.ipv6.microsoft.com   (not shown)   NXDOMAIN
google.com                  NS            ns1.google.com
google.com                  NS            ns2.google.com
www.google.com              A             216.58.195.68

Connections

Host          Port   Protocol   Country
224.0.0.252   5355   UDP        -

The two entries absent from the VM1 run are both Windows 7 background behaviour: teredo.ipv6.microsoft.com is the default server of the Teredo IPv6 tunnelling client, and UDP 5355 to the multicast address 224.0.0.252 is LLMNR name resolution (no country is shown because the destination is link-local multicast, not an Internet host). Neither is attributable to the sample.

3.2.3. Host Activity

Process Activity

Process Name - sample.exe
(command: C:\Users\Administrator\sample.exe)
No activity recorded for this process.

Event Timeline

1 Created Process C:\Users\Administrator\sample.exe

The behavioral summary for this VM lists "Created or modified a file", yet no file, registry or mutex event is itemised here; the report does not show which file that entry refers to.
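The network and host sections for VM1 and VM2 above consist almost entirely of background noise from the Windows guest, and an analyst reading many such reports wants that noise separated mechanically from anything that deserves a look. The block below is an added example written by this editor, not WildFire code: it transcribes the VM1 and VM2 indicators from this report and splits them into "noise" and "review" buckets with an allowlist. The allowlist entries (the google.com lookups as a connectivity check, the Teredo lookup, LLMNR to a multicast address, the Text Services Framework mutex) are this editor's assumptions for a stock sandbox image and should be tuned to the image in use; registry writes are never allowlisted. The third section is constructed, not from the report, and uses RFC 5737 documentation addresses to show what the review bucket looks like.

```python
"""Split WildFire dynamic-analysis indicators into background noise and items to review.

Added example (editor's own code, not WildFire's). VM1_SECTION and VM2_SECTION are
transcribed from the report; CONSTRUCTED_SECTION is invented; the allowlist is an
assumption for a stock sandbox image.
"""
import ipaddress
import re

# Lookups a stock Windows guest (or the sandbox's own connectivity check) performs.
BENIGN_DNS = {
    "www.google.com", "google.com",   # identical in both VM runs of the report
    "teredo.ipv6.microsoft.com",      # Windows Teredo IPv6 tunnelling client
}
# Text Services Framework mutex (msctf.dll); the SID appears twice and must match.
BENIGN_MUTEX_RE = re.compile(
    r"^CTF\.TimListCache\.FMPDefault(S-1-5-21-\d+-\d+-\d+-\d+)MUTEX\.Default\1$"
)
LLMNR_PORT = 5355  # Link-Local Multicast Name Resolution, always sent to a multicast address


def is_llmnr(host: str, port: int, proto: str) -> bool:
    """True for UDP 5355 to a multicast destination (224.0.0.252 or ff02::1:3)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return proto.upper() == "UDP" and port == LLMNR_PORT and ip.is_multicast


def triage(section: dict) -> dict:
    """Return {'noise': [...], 'review': [...]} for one VM section of a report."""
    noise, review = [], []
    for domain, qtype, answer in section.get("dns", []):
        bucket = noise if domain.lower() in BENIGN_DNS else review
        bucket.append(("dns", domain, qtype, answer))
    for host, port, proto, country in section.get("connections", []):
        bucket = noise if is_llmnr(host, port, proto) else review
        bucket.append(("connection", host, port, proto, country))
    for name in section.get("mutexes", []):
        bucket = noise if BENIGN_MUTEX_RE.match(name) else review
        bucket.append(("mutex", name))
    for key, action in section.get("registry", []):
        review.append(("registry", key, action))   # every registry write gets a look
    return {"noise": noise, "review": review}


TSF_MUTEX = ("CTF.TimListCache.FMPDefaultS-1-5-21-515967899-776561741-1417001333-500"
             "MUTEX.DefaultS-1-5-21-515967899-776561741-1417001333-500")
TCPIP_PARAMS = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters"

# Transcribed from section 3.1 (Windows XP guest).
VM1_SECTION = {
    "dns": [("www.google.com", "A", "216.58.195.68")]
           + [("google.com", "NS", f"ns{n}.google.com") for n in (4, 3, 2, 1)],
    "connections": [],
    "mutexes": [TSF_MUTEX],
    "registry": [(TCPIP_PARAMS, "Create")],
}
# Transcribed from section 3.2 (Windows 7 guest); the Teredo query type is not shown there.
VM2_SECTION = {
    "dns": [("google.com", "NS", "ns4.google.com"), ("google.com", "NS", "ns3.google.com"),
            ("teredo.ipv6.microsoft.com", None, "NXDOMAIN"),
            ("google.com", "NS", "ns1.google.com"), ("google.com", "NS", "ns2.google.com"),
            ("www.google.com", "A", "216.58.195.68")],
    "connections": [("224.0.0.252", 5355, "UDP", "-")],
    "mutexes": [],
    "registry": [],
}
# Constructed, not from the report: what a sample with live C2 would add (RFC 5737 addresses).
CONSTRUCTED_SECTION = {
    "dns": [("update-cdn.example", "A", "203.0.113.7")],
    "connections": [("203.0.113.7", 443, "TCP", "-")],
    "mutexes": ["Global\\cdn-updater-lock"],
    "registry": [],
}

if __name__ == "__main__":
    for label, section in (("VM1", VM1_SECTION), ("VM2", VM2_SECTION), ("constructed", CONSTRUCTED_SECTION)):
        result = triage(section)
        print(f"{label}: {len(result['noise'])} noise, {len(result['review'])} to review")
        for item in result["review"]:
            print("   review:", item)
```

Run against the report, VM1 leaves only the Tcpip\Parameters registry entry for review and VM2 leaves nothing, which matches the benign VM verdicts; the constructed section shows that an unknown domain, a unicast TCP connection and an unrecognised mutex all land in the review bucket. The mutex pattern deliberately requires the SID to repeat, so a sample imitating the TSF name with a mismatched SID is not allowlisted.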

