File name:

15.10.2024. SİPARİŞ LİSTESİ.7.jar

Full analysis: https://app.any.run/tasks/3bc05480-720d-4276-b01a-b73570a54c91
Verdict: Malicious activity
Analysis date: October 16, 2024, 06:20:51
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-scr
Indicators:
MIME: application/java-archive
File info: Java archive data (JAR)
MD5:

C063B19990EFBDC673862686C750A824

SHA1:

8BA03B6C015562AADC65A6C1F21B511EB4C2274A

SHA256:

0B913E76EE84B365D27CC780C50B3DA543C33846712FDE3DB876B618BD47DF9C

SSDEEP:

24576:c9E0ybt6oRLYiQjKiOEYynCXaj+aw52mwEA24GBb18:c9E0ybt6oRLYiQjKiOEYynCXaj+aw52j

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 2100)

    • Executable content was dropped or overwritten

      • jre-8u431-windows-x64.exe (PID: 7888)
      • installer.exe (PID: 7076)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 2100)

    • The process executes via Task Scheduler

      • powershell.exe (PID: 4304)

  • INFO

    • Manual execution by a user

      • firefox.exe (PID: 6960)
      • WinRAR.exe (PID: 3944)

    • Application launched itself

      • firefox.exe (PID: 6960)
      • firefox.exe (PID: 1712)
      • msiexec.exe (PID: 2100)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 1712)
      • msiexec.exe (PID: 2100)

    • Starts application with an unusual extension

      • msiexec.exe (PID: 2100)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: Deflated
ZipModifyDate: 2024:10:16 12:28:26
ZipCRC: 0xd4769866
ZipCompressedSize: 117
ZipUncompressedSize: 134
ZipFileName: META-INF/MANIFEST.MF
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
186
Monitored processes
47
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs sppextcomobj.exe no specs slui.exe winrar.exe no specs rundll32.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs jre-8u431-windows-x64.exe no specs jre-8u431-windows-x64.exe slui.exe no specs jre-8u431-windows-x64.exe msiexec.exe msiexec.exe no specs msif8e8.tmp no specs jaureg.exe conhost.exe no specs installer.exe javaw.exe ssvagent.exe no specs javaws.exe jp2launcher.exe no specs javaws.exe jp2launcher.exe no specs msiexec.exe no specs msiexec.exe no specs javaw.exe no specs msiexec.exe no specs javaw.exe no specs msiexec.exe no specs msiexec.exe no specs javaw.exe no specs powershell.exe conhost.exe no specs java.exe no specs java.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1180"C:\Program Files\Java\jre1.8.0_431\bin\javaws.exe" -wait -fix -permissions -silentC:\Program Files\Java\jre1.8.0_431\bin\javaws.exe
installer.exe
User:
SYSTEM
Company:
Oracle Corporation
Integrity Level:
SYSTEM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.431.2.10
Modules
Images
c:\program files\java\jre1.8.0_431\bin\javaws.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1500 -Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre1.8.0_431\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatusC:\Program Files\Java\jre1.8.0_431\bin\javaw.exejre-8u431-windows-x64.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.4310.10
1712"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2056"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-updateC:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
MSIF8E8.tmp
User:
SYSTEM
Company:
Oracle Corporation
Integrity Level:
SYSTEM
Description:
Java Update Registration
Exit code:
0
Version:
2.8.271.9
Modules
Images
c:\program files (x86)\common files\java\java update\jaureg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
2100C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2632"C:\Program Files\Java\jre1.8.0_431\bin\ssvagent.exe" -doHKCUSSVSetupC:\Program Files\Java\jre1.8.0_431\bin\ssvagent.exeinstaller.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
11.431.2.10
Modules
Images
c:\program files\java\jre1.8.0_431\bin\ssvagent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2784"C:\Users\admin\Downloads\jre-8u431-windows-x64.exe" C:\Users\admin\Downloads\jre-8u431-windows-x64.exefirefox.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java Platform SE binary
Exit code:
3221226540
Version:
8.0.4310.10
Modules
Images
c:\users\admin\downloads\jre-8u431-windows-x64.exe
c:\windows\system32\ntdll.dll
2864C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
3648"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2256 -parentBuildID 20240213221259 -prefsHandle 2248 -prefMapHandle 2244 -prefsLen 30705 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbba8691-4783-4f8b-a930-8cd7c8c4bce1} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" 221a3f82310 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
3700C:\Windows\syswow64\MsiExec.exe -Embedding 55C03F99A1D1B84185DC1DCF89BF6E4E E Global\MSI0000C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Total events
55 949
Read events
28 820
Write events
12 635
Delete events
14 494

Modification events

(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\15.10.2024. SİPARİŞ LİSTESİ.7.jar.zip
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation:writeName:name
Value:
256
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation:writeName:psize
Value:
80
(PID) Process:(5084) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation:writeName:type
Value:
120
Executable files
349
Suspicious files
318
Text files
255
Unknown types
13

Dropped files

PID
Process
Filename
Type
1712firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
1712firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1712firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3944WinRAR.exeC:\Users\admin\Desktop\15.10.2024. SİPARİŞ LİSTESİ.7.jar\LOrz2ZVsebinary
MD5:918F0C465C3B11D449450635DBA8F37A
SHA256:EE0B28124EFE5FAB58A121888F90128D5511F56F20C482DE946B87D6CD8EC57B
1712firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1712firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
1712firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.jstext
MD5:7BB2F0D7E728B9FB3AA72B3E5E2A98EF
SHA256:341FA95D09D2FC0C47324324B3EB15DAA566D3D4C65AF3EB3044C0C0A3CE2B96
1712firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3944WinRAR.exeC:\Users\admin\Desktop\15.10.2024. SİPARİŞ LİSTESİ.7.jar\I.classclass
MD5:F33DFEBD1BF3B9E5571724A7A28354A3
SHA256:70DCC11C99EF55AFE2ABB8FE10DF2FE289C22CC513443D2279727C671036206D
1712firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.jstext
MD5:7BB2F0D7E728B9FB3AA72B3E5E2A98EF
SHA256:341FA95D09D2FC0C47324324B3EB15DAA566D3D4C65AF3EB3044C0C0A3CE2B96
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
167
DNS requests
206
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3676
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6996
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
1712
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
1712
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
1712
firefox.exe
POST
200
23.53.40.154:80
http://r10.o.lencr.org/
unknown
whitelisted
1712
firefox.exe
POST
200
23.53.40.154:80
http://r10.o.lencr.org/
unknown
whitelisted
1712
firefox.exe
POST
200
142.250.186.99:80
http://o.pki.goog/s/wr3/XjA
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5984
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.110.136:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.52.120.96:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
www.bing.com
  • 2.16.110.136
  • 2.16.110.176
  • 2.16.110.123
  • 2.16.110.168
  • 2.16.110.170
  • 2.16.110.121
  • 2.16.110.171
  • 2.16.110.195
  • 2.16.110.193
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 23.52.120.96
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.184.238
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.20
  • 40.126.32.138
  • 20.190.160.14
  • 40.126.32.68
  • 40.126.32.140
  • 40.126.32.134
  • 40.126.32.136
whitelisted
th.bing.com
  • 2.16.110.123
  • 2.16.110.195
  • 2.16.110.171
  • 2.16.110.170
  • 2.16.110.176
  • 2.16.110.168
  • 2.16.110.121
  • 2.16.110.136
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
15.10.2024. SİPARİŞ LİSTESİ.7.jar