File name: | C:\Users\admin\Downloads\apex.jnlp |
---|---|
Full analysis: | https://app.any.run/tasks/9e8f1586-d45f-44cb-9ad8-371210495ce3 |
Verdict: | Malicious activity |
Analysis date: | September 16, 2021, 08:38:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
MD5: | FA192666B2C2E09FE776A5B318244928 |
SHA1: | 22E628A733FE1B2A8A64923F898E7D5873239D58 |
SHA256: | 21AA2D96F23ED009D2B5FB5AF086579C345E8B5004C9EFC9E9D33F5394142997 |
SSDEEP: | 48:czl6av6FEXvNunPf1YS+H1D8IsIaHOLB6aaf4/UNA5:W28FePiH98VI4OhCXi |
Extension | Description (match score) |
---|---|
.jnlp | Java Web Start application descriptor (88.3) |
.xml | Generic XML (ASCII) (11.6) |
JnlpSpec: | 1.0+ |
---|---|
JnlpCodebase: | http://41.160.4.49:9080/apex |
JnlpHref: | apex.jnlp |
JnlpInformationTitle: | SPARCS N4 |
JnlpInformationVendor: | Navis LLC |
JnlpInformationDescription: | SPARCS N4 Application |
JnlpInformationHomepageHref: | http://www.navis.com |
JnlpInformationIconHref: | n4_64.jpg |
JnlpInformationIconWidth: | 64 |
JnlpInformationIconHeight: | 64 |
JnlpSecurityAll-permissions: | - |
JnlpResourcesJ2seVersion: | 1.8+ |
JnlpResourcesJ2seMax-heap-size: | 768m |
JnlpResourcesJ2seHref: | http://java.sun.com/products/autodl/j2se |
JnlpResourcesJarHref: | lib/ulc-framework-client-signed.jar |
JnlpResourcesJarMain: | |
JnlpResourcesPropertyName: | navis-lookandfeel |
JnlpResourcesPropertyValue: | on |
JnlpApplication-descMain-class: | com.navis.framework.ulc.client.jnlp.CarinaJnlpLauncher |
JnlpApplication-descArgument: | url-string=http://41.160.4.49:9080/apex/ulc |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3680 | "C:\Program Files\Java\jre1.8.0_271\bin\javaws.exe" "C:\Users\admin\AppData\Local\Temp\apex.jnlp" | C:\Program Files\Java\jre1.8.0_271\bin\javaws.exe | — | Explorer.EXE |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Web Start Launcher Exit code: 0 Version: 11.271.2.09 | ||||
3856 | "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_2\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.271.2" "later" | C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe | — | javaws.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 0 Version: 8.0.2710.9 | ||||
3036 | C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M | C:\Windows\system32\icacls.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2200 | "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_2\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.271.2" "1631781574" | C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe | — | javaws.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 0 Version: 8.0.2710.9 | ||||
2672 | "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_2\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.271.2" "false" | C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe | — | javaws.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 0 Version: 8.0.2710.9 | ||||
3160 | JavaWSSplashScreen -splash 55308 "C:\Program Files\Java\jre1.8.0_271\lib\deploy\splash.gif" | C:\Program Files\Java\jre1.8.0_271\bin\javaws.exe | — | javaws.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Web Start Launcher Exit code: 0 Version: 11.271.2.09 | ||||
3900 | "C:\Program Files\Java\jre1.8.0_271\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_271" -vma … -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGFwZXguam5scA== | C:\Program Files\Java\jre1.8.0_271\bin\jp2launcher.exe | — | javaws.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Web Launcher Exit code: 0 Version: 11.271.2.09 | ||||
1072 | "C:\Program Files\Java\jre1.8.0_271\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_271" -vma LVhteDc2OG0ALURuYXZpcy1sb29rYW5kZmVlbD1vbgAtRGFwcGxlLmF3dC5zaG93R3Jvd0JveD1mYWxzZQAtRGFwcGxlLmF3dC5hbnRpYWxpYXNpbmc9b2ZmAC1EYXBwbGUuYXd0LnRleHRhbnRpYWxpYXNpbmc9b24ALURmaWxlLmVuY29kaW5nPVVURi04AC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8yNzFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzI3MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMjcxXGxpYlxwbHVnaW4uamFyAC1Eam5scC50az1hd3QALWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMjcxXGxpYlxkZXBsb3kuamFyAC1Eam5scHgudm1hcmdzPUxWaHRlRGMyT0cwQUxVUnVZWFpwY3kxc2IyOXJZVzVrWm1WbGJEMXZiZ0F0UkdGd2NHeGxMbUYzZEM1emFHOTNSM0p2ZDBKdmVEMW1ZV3h6WlFBdFJHRndjR3hsTG1GM2RDNWhiblJwWVd4cFlYTnBibWM5YjJabUFDMUVZWEJ3YkdVdVlYZDBMblJsZUhSaGJuUnBZV3hwWVhOcGJtYzliMjRBTFVSbWFXeGxMbVZ1WTI5a2FXNW5QVlZVUmkwNEFBPT0ALURqbmxweC5qdm09QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzI3MVxiaW5camF2YXcuZXhlAC1Eam5scHguc3BsYXNocG9ydD01NTMwOQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzI3MVxiaW4ALURqbmxweC5yZW1vdmU9ZmFsc2UALURqbmxweC5vZmZsaW5lPWZhbHNlAC1Eam5scHgucmVsYXVuY2g9dHJ1ZQAtRGpubHB4LnNlc3Npb24uZGF0YT1DOlxVc2Vyc1xhZG1pblxBcHBEYXRhXExvY2FsXFRlbXBcc2Vzc2lvbjgwNTMyODg0NjEwMTQ5NjE1OTAALURqbmxweC5oZWFwc2l6ZT0tMSw4MDUzMDYzNjgALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8yNzFcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHgub3JpZ0ZpbGVuYW1lQXJnPUM6XFVzZXJzXGFkbWluXEFwcERhdGFcTG9jYWxcVGVtcFxhcGV4LmpubHAALURzdW4uYXd0Lndhcm11cD10cnVlAC1EamF2YS5zZWN1cml0eS5tYW5hZ2VyAA== -ma LXNlY3VyZQBDOlxVc2Vyc1xhZG1pblxBcHBEYXRhXExvY2FsTG93XFN1blxKYXZhXERlcGxveW1lbnRcY2FjaGVcNi4wXDI1XDM5N2ZiNzU5LTI2MDMyN2Q4AA== -ta LURuYXZpcy1sb29rYW5kZmVlbD1vbgAtRGFwcGxlLmF3dC5zaG93R3Jvd0JveD1mYWxzZQAtRGFwcGxlLmF3dC5hbnRpYWxpYXNpbmc9b2ZmAC1EYXBwbGUuYXd0LnRleHRhbnRpYWxpYXNpbmc9b24ALURmaWxlLmVuY29kaW5nPVVURi04AA== -checkParent | C:\Program Files\Java\jre1.8.0_271\bin\jp2launcher.exe | — | jp2launcher.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Web Launcher Version: 11.271.2.09 | ||||
PID | Process | Filename | Type | |
---|---|---|---|---|
3900 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\397fb759-260327d8-temp | xml | |
MD5:FA192666B2C2E09FE776A5B318244928 | SHA256:21AA2D96F23ED009D2B5FB5AF086579C345E8B5004C9EFC9E9D33F5394142997 | |||
3900 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\397fb759-260327d8 | xml | |
MD5:FA192666B2C2E09FE776A5B318244928 | SHA256:21AA2D96F23ED009D2B5FB5AF086579C345E8B5004C9EFC9E9D33F5394142997 | |||
3856 | javaw.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties | text | |
MD5:1969F7001C8E3B6B25F3432DA77C7806 | SHA256:2CA4E55FE01E49DEAFE4AE9AA89F785912384D533D4E0321E60A04052D70CC55 | |||
3856 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log | text | |
MD5:13E5BE64D371765E02C0CFA07C893A47 | SHA256:2E44F97C99CD4C500414C9CDDCCBBDEC3F97A991F33C74F9EE18089C9C5DF57F | |||
3900 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\44f51962-59410f01-temp | java | |
MD5:2FF178AFC5889D6404DB77B7852EEE5E | SHA256:034020A59BF4509D2A72EA9A019566C1A80B3CA32AE016ED82B55FD18F1EB016 | |||
3856 | javaw.exe | C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp | text | |
MD5:BDE5818755D2BE8E6A4F4105E4D8BEAF | SHA256:C2D5B28DF3ED98F03B6E1B493D0539F784CFCA0DF40564B82912DFDD2C3C80CE | |||
3900 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\255c2e6-570e429f | java | |
MD5:DE7EBA2641CFE9F994BC3C45C14B4A9B | SHA256:1647B10961DE155FC8218E1360FB24AD32ADDF6419E0CB42193536707E1860A6 | |||
3900 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\397fb759-edb1a84e2d9431638727edced0eb7ea253f9d12a2f1a052b520c5adbadd0cdfe-6.0.lap | text | |
MD5:C70BBBC92F2717EE7F5747479F45D968 | SHA256:4C1FF87E0169710F7A19793F16DCF7B31EE1FB54B7BD2173FD7D53C7A4EB1BE5 | |||
3900 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\255c2e6-570e429f-temp | java | |
MD5:DE7EBA2641CFE9F994BC3C45C14B4A9B | SHA256:1647B10961DE155FC8218E1360FB24AD32ADDF6419E0CB42193536707E1860A6 | |||
3900 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\21862ded-169cae6c.idx | abr | |
MD5:7A2B2A6A7418160B22D307F5BEA63383 | SHA256:F7118AFB02DDEAC1D903751E9E0F252CA7BDE1B5357CE966C777D471D1E1E50D | |||
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3900 | jp2launcher.exe | GET | — | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/lib/jh-signed.jar | ZA | — | — | suspicious |
3900 | jp2launcher.exe | GET | — | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/lib/ulc-core-client-signed.jar | ZA | — | — | suspicious |
1072 | jp2launcher.exe | GET | — | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/clientconfig.properties | ZA | — | — | suspicious |
3900 | jp2launcher.exe | GET | — | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/lib/ulc-framework-client-signed.jar | ZA | — | — | suspicious |
3900 | jp2launcher.exe | GET | 200 | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/lib/jdom-signed.jar | ZA | compressed | 162 Kb | suspicious |
3900 | jp2launcher.exe | GET | 200 | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/apex.jnlp | ZA | xml | 2.28 Kb | suspicious |
1072 | jp2launcher.exe | POST | 200 | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/ulc | ZA | pz | 12 b | suspicious |
3900 | jp2launcher.exe | GET | 200 | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/lib/jgoodies-common-signed.jar | ZA | compressed | 35.2 Kb | suspicious |
1072 | jp2launcher.exe | POST | 200 | 41.160.4.49:9080 | http://41.160.4.49:9080/apex/ulc | ZA | pz | 12 b | suspicious |
3900 | jp2launcher.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3900 | jp2launcher.exe | 41.160.4.49:9080 | — | Neotel Pty Ltd | ZA | suspicious |
1072 | jp2launcher.exe | 41.160.4.49:9080 | — | Neotel Pty Ltd | ZA | suspicious |
3900 | jp2launcher.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
ocsp.digicert.com | 93.184.220.29 | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3900 | jp2launcher.exe | Potentially Bad Traffic | ET POLICY Vulnerable Java Version 1.8.x Detected |
3900 | jp2launcher.exe | Potentially Bad Traffic | ET POLICY Vulnerable Java Version 1.8.x Detected |
3900 | jp2launcher.exe | Potentially Bad Traffic | ET INFO Java .jar request to dotted-quad domain |
3900 | jp2launcher.exe | Potentially Bad Traffic | ET INFO Java .jar request to dotted-quad domain |
3900 | jp2launcher.exe | Potentially Bad Traffic | ET INFO Java .jar request to dotted-quad domain |
3900 | jp2launcher.exe | Potentially Bad Traffic | ET INFO Java .jar request to dotted-quad domain |
3900 | jp2launcher.exe | A Network Trojan was detected | ET INFO JAVA - Java Archive Download By Vulnerable Client |
3900 | jp2launcher.exe | A Network Trojan was detected | ET INFO JAVA - Java Archive Download By Vulnerable Client |
3900 | jp2launcher.exe | A Network Trojan was detected | ET INFO JAVA - Java Archive Download By Vulnerable Client |
3900 | jp2launcher.exe | Potentially Bad Traffic | ET INFO Java .jar request to dotted-quad domain |