analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

previdenza_sociale.jnlp

Full analysis: https://app.any.run/tasks/a0210444-fc99-463a-8fcf-076a7be7f0e5
Verdict: Malicious activity
Analysis date: August 13, 2020, 08:11:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/xml
File info: XML 1.0 document, ASCII text
MD5:

0B0CB4E5991F2D5360682E6C8FBF6CD5

SHA1:

EED97E993B6B98607E9BAE6C8887B176A16008ED

SHA256:

09E58C934F349EC6FBF04DAE8D0326D97DD96AB957C59AE7583DBA776C6344F9

SSDEEP:

12:TMHdIjw2ltd/bIOFOx1ZAOPodSh81sUA/umdhoB:2dKl3bY1ZlzUNA/um7oB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Internet Cache Settings

      • jp2launcher.exe (PID: 2812)

    • Executes JAVA applets

      • javaws.exe (PID: 3088)

    • Application launched itself

      • javaws.exe (PID: 3088)

    • Check for Java to be installed

      • javaws.exe (PID: 3088)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.jnlp | Java Web Start application descriptor (88.3)
.xml | Generic XML (ASCII) (11.6)

EXIF

XMP

JnlpApplication-desc:
JnlpApplication-descMain-class: Previdenza
JnlpResourcesJarHref: Previdenza_Sociale.jar
JnlpResourcesJ2seVersion: 1.6+
JnlpSecurityAll-permissions: -
JnlpInformationDescription: Previdenza Sociale
JnlpInformationHomepageHref: www.inps.gov.it
JnlpInformationVendor: Istituto Nazionale Previdenza Sociale
JnlpInformationTitle: Previdenza Sociale
JnlpHref: previdenza_sociale.jnlp
JnlpCodebase: http://social.interactivegood.com
JnlpSpec: 1.0+
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
6
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start javaws.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs javaws.exe jp2launcher.exe

Process information

PID
CMD
Path
Indicators
Parent process
3088"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe" "C:\Users\admin\Desktop\previdenza_sociale.jnlp"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exeexplorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
4032"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2696"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1597306335"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3264"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2592JavaWSSplashScreen -splash 49266 "C:\Program Files\Java\jre1.8.0_92\lib\deploy\splash.gif"C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe
javaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaws.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
2812"C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_92" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURqbmxweC5vcmlnRmlsZW5hbWVBcmc9QzpcVXNlcnNcYWRtaW5cRGVza3RvcFxwcmV2aWRlbnphX3NvY2lhbGUuam5scAAtRGpubHB4LnJlbW92ZT10cnVlAC1Ec3VuLmF3dC53YXJtdXA9dHJ1ZQAtWGJvb3RjbGFzc3BhdGgvYTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfOTJcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzkyXGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF85MlxsaWJccGx1Z2luLmphcgAtRGpubHB4LnNwbGFzaHBvcnQ9NDkyNjcALURqbmxweC5qdm09QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzkyXGJpblxqYXZhdy5leGU= -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI=C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe
javaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Launcher
Exit code:
4294967295
Version:
11.92.2.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\progra~1\java\jre18~1.0_9\bin\msvcr100.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events
155
Read events
91
Write events
57
Delete events
7

Modification events

(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:delete keyName:(default)
Value:
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.modified.timestamp
Value:
1535457890299
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.roaming.profile
Value:
false
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.version
Value:
8
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.expired.version
Value:
11.92.2
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.browser.path
Value:
C:\Program Files\Internet Explorer\iexplore.exe
(PID) Process:(4032) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.expiration.decision.11.92.2
Value:
later
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:delete keyName:(default)
Value:
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.modified.timestamp
Value:
1597306335123
(PID) Process:(2696) javaw.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
Operation:writeName:deployment.roaming.profile
Value:
false
Executable files
0
Suspicious files
0
Text files
16
Unknown types
0

Dropped files

PID
Process
Filename
Type
4032javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:473FF1C91E1429CA335143B7209066AD
SHA256:D957D763ABDC79B64B137A4C73CF3756CB922B3E743AAF2AA4E8F1C879AED22A
4032javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:97E482F3B60D8DFB1647968119EB43A7
SHA256:F7E3D98C62563BEFC8F1DB5B0B35374A3B9F30907AE0505648C0C67AA480BF19
3264javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:497F7F1336BF542DC86713351E4FBA3E
SHA256:681F1A68C2FBC870B20350A5702AC79242BA1E6E6088EC7829505E3B2A2ADE1F
2812jp2launcher.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:86F72183B21A37880BFC491035ED9AD5
SHA256:EC4BDAD262A046B8F8BD022B53CBF160B15FED06DC4505BA9A925D96641E9D3C
2696javaw.exeC:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiestext
MD5:8F8F886C4F1646E0424D2BD4CE2FED42
SHA256:0B281927C6B5A2ACC6D885452B7E2787BCA628D26FE6496BDC3F8C14696C789C
3264javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:D104CE6ECAADBCCAAB687DC0B7D76297
SHA256:F1495E77111248BAB37BA5DCB2BD41B519EA464EE540FC4327F43F05980ED686
2812jp2launcher.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:D910254816F79D9EA24117D4CECA7B5E
SHA256:D47FD24218670EF9460F2453DB57DB6E5A3AFC4DEAE4CC2A0DCB30DD7309F3FC
3088javaws.exeC:\Users\admin\AppData\Local\Temp\javaws2xml
MD5:0B0CB4E5991F2D5360682E6C8FBF6CD5
SHA256:09E58C934F349EC6FBF04DAE8D0326D97DD96AB957C59AE7583DBA776C6344F9
2696javaw.exeC:\Users\admin\AppData\Local\Temp\JavaDeployReg.logtext
MD5:C0444A830CFC398F67D9775AFC1AF09A
SHA256:7B43925DD1AB49E053ECC80B6E39AB03519D61D16295DD1F5E305D7938C8BDBF
3264javaw.exeC:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.propertiestext
MD5:CA65B4C75F82BD3019C777D8F687B50D
SHA256:F2F7A2402F7E475321B9A653406E23F01824DE7ABD8F4F073AC1BBC79DEB0E6C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
4
DNS requests
1
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2812
jp2launcher.exe
GET
141.136.35.204:80
http://social.interactivegood.com/previdenza_sociale.jnlp
LT
suspicious
2812
jp2launcher.exe
GET
141.136.35.204:80
http://social.interactivegood.com/previdenza_sociale.jnlp
LT
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2812
jp2launcher.exe
141.136.35.204:80
social.interactivegood.com
Vardas.lt, Uab
LT
suspicious

DNS requests

Domain
IP
Reputation
social.interactivegood.com
  • 141.136.35.204
suspicious

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
previdenza_sociale.jnlp