File name:

previdenza_sociale.jnlp

Full analysis: https://app.any.run/tasks/a0210444-fc99-463a-8fcf-076a7be7f0e5
Verdict: Malicious activity
Analysis date: August 13, 2020, 08:11:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text
MD5:

0B0CB4E5991F2D5360682E6C8FBF6CD5

SHA1:

EED97E993B6B98607E9BAE6C8887B176A16008ED

SHA256:

09E58C934F349EC6FBF04DAE8D0326D97DD96AB957C59AE7583DBA776C6344F9

SSDEEP:

12:TMHdIjw2ltd/bIOFOx1ZAOPodSh81sUA/umdhoB:2dKl3bY1ZlzUNA/um7oB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Internet Cache Settings

      • jp2launcher.exe (PID: 2812)
    • Application launched itself

      • javaws.exe (PID: 3088)
    • Executes JAVA applets

      • javaws.exe (PID: 3088)
    • Check for Java to be installed

      • javaws.exe (PID: 3088)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.jnlp | Java Web Start application descriptor (88.3)
.xml | Generic XML (ASCII) (11.6)

EXIF

XMP

JnlpApplication-desc:
JnlpApplication-descMain-class: Previdenza
JnlpResourcesJarHref: Previdenza_Sociale.jar
JnlpResourcesJ2seVersion: 1.6+
JnlpSecurityAll-permissions: -
JnlpInformationDescription: Previdenza Sociale
JnlpInformationHomepageHref: www.inps.gov.it
JnlpInformationVendor: Istituto Nazionale Previdenza Sociale
JnlpInformationTitle: Previdenza Sociale
JnlpHref: previdenza_sociale.jnlp
JnlpCodebase: http://social.interactivegood.com
JnlpSpec: 1.0+
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
6
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start javaws.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs javaws.exe jp2launcher.exe

Process information

PID
CMD
Path
Indicators
Parent process
3088"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe" "C:\Users\admin\Desktop\previdenza_sociale.jnlp"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exeexplorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
4032"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2696"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1597306335"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3264"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2592JavaWSSplashScreen -splash 49266 "C:\Program Files\Java\jre1.8.0_92\lib\deploy\splash.gif"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
javaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
2812"C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_92" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURqbmxweC5vcmlnRmlsZW5hbWVBcmc9QzpcVXNlcnNcYWRtaW5cRGVza3RvcFxwcmV2aWRlbnphX3NvY2lhbGUuam5scAAtRGpubHB4LnJlbW92ZT10cnVlAC1Ec3VuLmF3dC53YXJtdXA9dHJ1ZQAtWGJvb3RjbGFzc3BhdGgvYTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzkyXGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJccGx1Z2luLmphcgAtRGpubHB4LnNwbGFzaHBvcnQ9NDkyNjcALURqbmxweC5qdm09QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzkyXGJpblxqYXZhdy5leGU= -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI=C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe
javaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Launcher
Exit code:
4294967295
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events
155
Read events
91
Write events
57
Delete events
7

Modification events

(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:delete keyName:(default)
Value:
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.modified.timestamp
Value:
1535457890299
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.roaming.profile
Value:
false
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.version
Value:
8
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.expired.version
Value:
11.92.2
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.browser.path
Value:
C:\Program Files\Internet Explorer\iexplore.exe
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.expiration.decision.11.92.2
Value:
later
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:delete keyName:(default)
Value:
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.modified.timestamp
Value:
1597306335123
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.roaming.profile
Value:
false
Executable files
0
Suspicious files
0
Text files
16
Unknown types
0

Dropped files

PID
Process
Filename
Type
2812jp2launcher.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:86F72183B21A37880BFC491035ED9AD5
SHA256:EC4BDAD262A046B8F8BD022B53CBF160B15FED06DC4505BA9A925D96641E9D3C
2696javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:AAD7A3A3756EEB411B38F4B30FC9C069
SHA256:A67C1EC2E92E56C0A5789161B792FF96748A740090A58FF398585B9BC383A197
2812jp2launcher.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:D910254816F79D9EA24117D4CECA7B5E
SHA256:D47FD24218670EF9460F2453DB57DB6E5A3AFC4DEAE4CC2A0DCB30DD7309F3FC
4032javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:473FF1C91E1429CA335143B7209066AD
SHA256:D957D763ABDC79B64B137A4C73CF3756CB922B3E743AAF2AA4E8F1C879AED22A
2696javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:C0444A830CFC398F67D9775AFC1AF09A
SHA256:7B43925DD1AB49E053ECC80B6E39AB03519D61D16295DD1F5E305D7938C8BDBF
4032javaw.exeC:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiestext
MD5:EA010CDF02238297FF6E1CEB1AAEEA50
SHA256:F8657F316FBEB2FAA79323643D2B1C73A8738BC178D5A2D20606F380D5F38CB5
3264javaw.exeC:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiestext
MD5:CA65B4C75F82BD3019C777D8F687B50D
SHA256:F2F7A2402F7E475321B9A653406E23F01824DE7ABD8F4F073AC1BBC79DEB0E6C
2812jp2launcher.exeC:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiestext
MD5:EBA0F097068D82B9BA55DFFF5C1406F2
SHA256:A20CA0F03F4D472D12FA270DEBBE83046F13571842ED041E3A023A17E38F2604
3264javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:D104CE6ECAADBCCAAB687DC0B7D76297
SHA256:F1495E77111248BAB37BA5DCB2BD41B519EA464EE540FC4327F43F05980ED686
4032javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:97E482F3B60D8DFB1647968119EB43A7
SHA256:F7E3D98C62563BEFC8F1DB5B0B35374A3B9F30907AE0505648C0C67AA480BF19
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
4
DNS requests
1
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2812
jp2launcher.exe
GET
141.136.35.204:80
http://social.interactivegood.com/previdenza_sociale.jnlp
LT
suspicious
2812
jp2launcher.exe
GET
141.136.35.204:80
http://social.interactivegood.com/previdenza_sociale.jnlp
LT
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2812
jp2launcher.exe
141.136.35.204:80
social.interactivegood.com
Vardas.lt, Uab
LT
suspicious

DNS requests

Domain
IP
Reputation
social.interactivegood.com
  • 141.136.35.204
suspicious

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
No debug info