| Field | Value |
|---|---|
| File name | previdenza_sociale.jnlp |
| Full analysis | https://app.any.run/tasks/a0210444-fc99-463a-8fcf-076a7be7f0e5 |
| Verdict | Malicious activity |
| Analysis date | August 13, 2020, 08:11:53 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MIME | text/xml |
| File info | XML 1.0 document, ASCII text |
| MD5 | 0B0CB4E5991F2D5360682E6C8FBF6CD5 |
| SHA1 | EED97E993B6B98607E9BAE6C8887B176A16008ED |
| SHA256 | 09E58C934F349EC6FBF04DAE8D0326D97DD96AB957C59AE7583DBA776C6344F9 |
| SSDEEP | 12:TMHdIjw2ltd/bIOFOx1ZAOPodSh81sUA/umdhoB:2dKl3bY1ZlzUNA/um7oB |
| Extension | File type (score) |
|---|---|
| .jnlp | Java Web Start application descriptor (88.3) |
| .xml | Generic XML (ASCII) (11.6) |
| JNLP element / attribute | Value |
|---|---|
| jnlp spec | 1.0+ |
| jnlp codebase | http://social.interactivegood.com |
| jnlp href | previdenza_sociale.jnlp |
| information/title | Previdenza Sociale |
| information/vendor | Istituto Nazionale Previdenza Sociale |
| information/homepage href | www.inps.gov.it |
| information/description | Previdenza Sociale |
| security/all-permissions | - (element present) |
| resources/j2se version | 1.6+ |
| resources/jar href | Previdenza_Sociale.jar |
| application-desc main-class | Previdenza |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3088 | "C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe" "C:\Users\admin\Desktop\previdenza_sociale.jnlp" | C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe | — | explorer.exe |
| 4032 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | javaws.exe |
| 2696 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1597306335" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | javaws.exe |
| 3264 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | javaws.exe |
| 2592 | JavaWSSplashScreen -splash 49266 "C:\Program Files\Java\jre1.8.0_92\lib\deploy\splash.gif" | C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe | — | javaws.exe |
| 2812 | "C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_92" -vma […] -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI= | C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe | — | javaws.exe |

| PID | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 3088 | admin | Oracle Corporation | MEDIUM | Java(TM) Web Start Launcher | 0 | 11.92.2.14 |
| 4032 | admin | Oracle Corporation | MEDIUM | Java(TM) Platform SE binary | 0 | 8.0.920.14 |
| 2696 | admin | Oracle Corporation | MEDIUM | Java(TM) Platform SE binary | 0 | 8.0.920.14 |
| 3264 | admin | Oracle Corporation | MEDIUM | Java(TM) Platform SE binary | 0 | 8.0.920.14 |
| 2592 | admin | Oracle Corporation | MEDIUM | Java(TM) Web Start Launcher | 0 | 11.92.2.14 |
| 2812 | admin | Oracle Corporation | MEDIUM | Java(TM) Web Launcher | 4294967295 | 11.92.2.14 |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 4032 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | delete key | (default) | — |
| 4032 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.modified.timestamp | 1535457890299 |
| 4032 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.roaming.profile | false |
| 4032 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.version | 8 |
| 4032 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.expired.version | 11.92.2 |
| 4032 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.browser.path | C:\Program Files\Internet Explorer\iexplore.exe |
| 4032 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.expiration.decision.11.92.2 | later |
| 2696 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | delete key | (default) | — |
| 2696 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.modified.timestamp | 1597306335123 |
| 2696 | javaw.exe | HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties | write | deployment.roaming.profile | false |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2812 | jp2launcher.exe | C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log | text | 86F72183B21A37880BFC491035ED9AD5 | EC4BDAD262A046B8F8BD022B53CBF160B15FED06DC4505BA9A925D96641E9D3C |
| 2696 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | AAD7A3A3756EEB411B38F4B30FC9C069 | A67C1EC2E92E56C0A5789161B792FF96748A740090A58FF398585B9BC383A197 |
| 2812 | jp2launcher.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | D910254816F79D9EA24117D4CECA7B5E | D47FD24218670EF9460F2453DB57DB6E5A3AFC4DEAE4CC2A0DCB30DD7309F3FC |
| 4032 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | 473FF1C91E1429CA335143B7209066AD | D957D763ABDC79B64B137A4C73CF3756CB922B3E743AAF2AA4E8F1C879AED22A |
| 2696 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log | text | C0444A830CFC398F67D9775AFC1AF09A | 7B43925DD1AB49E053ECC80B6E39AB03519D61D16295DD1F5E305D7938C8BDBF |
| 4032 | javaw.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties | text | EA010CDF02238297FF6E1CEB1AAEEA50 | F8657F316FBEB2FAA79323643D2B1C73A8738BC178D5A2D20606F380D5F38CB5 |
| 3264 | javaw.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties | text | CA65B4C75F82BD3019C777D8F687B50D | F2F7A2402F7E475321B9A653406E23F01824DE7ABD8F4F073AC1BBC79DEB0E6C |
| 2812 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties | text | EBA0F097068D82B9BA55DFFF5C1406F2 | A20CA0F03F4D472D12FA270DEBBE83046F13571842ED041E3A023A17E38F2604 |
| 3264 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log | text | D104CE6ECAADBCCAAB687DC0B7D76297 | F1495E77111248BAB37BA5DCB2BD41B519EA464EE540FC4327F43F05980ED686 |
| 4032 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log | text | 97E482F3B60D8DFB1647968119EB43A7 | F7E3D98C62563BEFC8F1DB5B0B35374A3B9F30907AE0505648C0C67AA480BF19 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2812 | jp2launcher.exe | GET | — | 141.136.35.204:80 | http://social.interactivegood.com/previdenza_sociale.jnlp | LT | — | — | suspicious |
2812 | jp2launcher.exe | GET | — | 141.136.35.204:80 | http://social.interactivegood.com/previdenza_sociale.jnlp | LT | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2812 | jp2launcher.exe | 141.136.35.204:80 | social.interactivegood.com | Vardas.lt, Uab | LT | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| social.interactivegood.com | — | suspicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET POLICY Vulnerable Java Version 1.8.x Detected |
— | — | Potentially Bad Traffic | ET POLICY Vulnerable Java Version 1.8.x Detected |