File name:

previdenza_sociale.jnlp

Full analysis: https://app.any.run/tasks/a0210444-fc99-463a-8fcf-076a7be7f0e5
Verdict: Malicious activity
Analysis date: August 13, 2020, 08:11:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text
MD5:

0B0CB4E5991F2D5360682E6C8FBF6CD5

SHA1:

EED97E993B6B98607E9BAE6C8887B176A16008ED

SHA256:

09E58C934F349EC6FBF04DAE8D0326D97DD96AB957C59AE7583DBA776C6344F9

SSDEEP:

12:TMHdIjw2ltd/bIOFOx1ZAOPodSh81sUA/umdhoB:2dKl3bY1ZlzUNA/um7oB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Check for Java to be installed

      • javaws.exe (PID: 3088)

    • Application launched itself

      • javaws.exe (PID: 3088)

    • Executes JAVA applets

      • javaws.exe (PID: 3088)

    • Reads Internet Cache Settings

      • jp2launcher.exe (PID: 2812)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.jnlp | Java Web Start application descriptor (88.3)
.xml | Generic XML (ASCII) (11.6)

EXIF

XMP

JnlpSpec: 1.0+
JnlpCodebase: http://social.interactivegood.com
JnlpHref: previdenza_sociale.jnlp
JnlpInformationTitle: Previdenza Sociale
JnlpInformationVendor: Istituto Nazionale Previdenza Sociale
JnlpInformationHomepageHref: www.inps.gov.it
JnlpInformationDescription: Previdenza Sociale
JnlpSecurityAll-permissions: -
JnlpResourcesJ2seVersion: 1.6+
JnlpResourcesJarHref: Previdenza_Sociale.jar
JnlpApplication-descMain-class: Previdenza
JnlpApplication-desc:
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
6
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start javaws.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs javaws.exe jp2launcher.exe

Process information

PID
CMD
Path
Indicators
Parent process
2592JavaWSSplashScreen -splash 49266 "C:\Program Files\Java\jre1.8.0_92\lib\deploy\splash.gif"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
javaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
2696"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1597306335"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2812"C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_92" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURqbmxweC5vcmlnRmlsZW5hbWVBcmc9QzpcVXNlcnNcYWRtaW5cRGVza3RvcFxwcmV2aWRlbnphX3NvY2lhbGUuam5scAAtRGpubHB4LnJlbW92ZT10cnVlAC1Ec3VuLmF3dC53YXJtdXA9dHJ1ZQAtWGJvb3RjbGFzc3BhdGgvYTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzkyXGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJccGx1Z2luLmphcgAtRGpubHB4LnNwbGFzaHBvcnQ9NDkyNjcALURqbmxweC5qdm09QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzkyXGJpblxqYXZhdy5leGU= -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI=C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe
javaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Launcher
Exit code:
4294967295
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
3088"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe" "C:\Users\admin\Desktop\previdenza_sociale.jnlp"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exeexplorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
3264"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
4032"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
155
Read events
91
Write events
57
Delete events
7

Modification events

(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:delete keyName:(default)
Value:
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.modified.timestamp
Value:
1535457890299
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.roaming.profile
Value:
false
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.version
Value:
8
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.expired.version
Value:
11.92.2
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.browser.path
Value:
C:\Program Files\Internet Explorer\iexplore.exe
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.expiration.decision.11.92.2
Value:
later
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:delete keyName:(default)
Value:
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.modified.timestamp
Value:
1597306335123
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.roaming.profile
Value:
false
Executable files
0
Suspicious files
0
Text files
16
Unknown types
0

Dropped files

PID
Process
Filename
Type
4032javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:
SHA256:
3264javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:
SHA256:
2696javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:
SHA256:
4032javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:
SHA256:
3264javaw.exeC:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiestext
MD5:
SHA256:
3264javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:
SHA256:
3088javaws.exeC:\Users\admin\AppData\Local\Temp\javaws2xml
MD5:
SHA256:
2812jp2launcher.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:
SHA256:
2812jp2launcher.exeC:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiestext
MD5:
SHA256:
2696javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
4
DNS requests
1
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2812
jp2launcher.exe
GET
141.136.35.204:80
http://social.interactivegood.com/previdenza_sociale.jnlp
LT
suspicious
2812
jp2launcher.exe
GET
141.136.35.204:80
http://social.interactivegood.com/previdenza_sociale.jnlp
LT
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2812
jp2launcher.exe
141.136.35.204:80
social.interactivegood.com
Vardas.lt, Uab
LT
suspicious

DNS requests

Domain
IP
Reputation
social.interactivegood.com
  • 141.136.35.204
suspicious

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
previdenza_sociale.jnlp