File name: | Invoice #960494.jar |
Full analysis: | https://app.any.run/tasks/ab605920-6203-42b7-94e3-b817daed2f36 |
Verdict: | Malicious activity |
Analysis date: | November 29, 2020, 09:58:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/java-archive |
File info: | Java archive data (JAR) |
MD5: | 8078E36E51162854E12A05B482E2F5E7 |
SHA1: | CB09C63BE4312FF8F2A2481EFAD6135037CD26F2 |
SHA256: | 2B6470A593F15DC92C4BAFEC9CDEE03245A81F6F14072629647BA3CC2FA820C7 |
SSDEEP: | 768:GnBq+FQxjJKJa4CieXnA9DQHJITsSNt19ypXt9D/Y30M7O3UVwj:yboj0a4BcAUuTJm/9DW5iK8 |
.jar | | | Java Archive (78.3) |
---|---|---|
.zip | | | ZIP compressed archive (21.6) |
ZipFileName: | 632487310 |
---|---|
ZipUncompressedSize: | 1297 |
ZipCompressedSize: | 1302 |
ZipCRC: | 0xeea276f0 |
ZipModifyDate: | 2020:11:27 07:46:01 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0808 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2556 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\Invoice #960494.jar" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | explorer.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 0 Version: 8.0.920.14 | ||||
2228 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar C:\Users\admin\AppData\Local\Temp\79644347.tmp | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | javaw.exe | |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Version: 8.0.920.14 | ||||
3992 | C:\Users\admin\node-v14.12.0-win-x86\node.exe - --hub-domain deskt.linkpc.net | C:\Users\admin\node-v14.12.0-win-x86\node.exe | javaw.exe | |
User: admin Company: Node.js Integrity Level: MEDIUM Description: Node.js: Server-side JavaScript Version: 14.12.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2228 | javaw.exe | C:\Users\admin\node-v14.12.0-win-x86.tmp14921809373\node-v14.12.0-win-x86\node.exe | — | |
MD5:— | SHA256:— | |||
2228 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:096B8078F43202F5B896DFDF91CCE0A3 | SHA256:84D2B1E6CC9847C920A2B17E5BFCA355398DA3CC76FE23A436E648E4440D6A50 | |||
2556 | javaw.exe | C:\Users\admin\AppData\Local\Temp\79644347.tmp | java | |
MD5:8078E36E51162854E12A05B482E2F5E7 | SHA256:2B6470A593F15DC92C4BAFEC9CDEE03245A81F6F14072629647BA3CC2FA820C7 | |||
2556 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:86E6D408C2BF32B21BE9B97BCD7A83C1 | SHA256:12069225AC226C434A22E1869F6F2520B043AF5C071BFF79D531F3225B207E9E | |||
2228 | javaw.exe | C:\Users\admin\node-v14.12.0-win-x86.tmp14921809373\node-v14.12.0-win-x86\node_modules\npm\bin\npx | text | |
MD5:F3AC8B0BCC82456D9C702DD17C232796 | SHA256:99911D9C4BEBA98143FE160A55999331DD5C80038E48F23EE517A0E0DAD4BFB3 | |||
2228 | javaw.exe | C:\Users\admin\node-v14.12.0-win-x86.tmp14921809373\node-v14.12.0-win-x86\node_modules\npm\.licensee.json | text | |
MD5:B133415ABE39E5C1865AAD84712B3941 | SHA256:66218BC67A524799BA7CCAD7C493A8D24EEED81C07BED24E0C3034ABA6014061 | |||
2228 | javaw.exe | C:\Users\admin\node-v14.12.0-win-x86.tmp14921809373\node-v14.12.0-win-x86\nodevars.bat | text | |
MD5:E6636C5B093F5CC13DFB7508305B8D8B | SHA256:A2B020E2F641524C6FD1B8EBBCD9EE03C7DC44009F2B78E701E773AD048BE9A5 | |||
2228 | javaw.exe | C:\Users\admin\node-v14.12.0-win-x86.tmp14921809373\node-v14.12.0-win-x86\node_etw_provider.man | text | |
MD5:1D51E18A7247F47245B0751F16119498 | SHA256:1975AA34C1050B8364491394CEBF6E668E2337C3107712E3EECA311262C7C46F | |||
2228 | javaw.exe | C:\Users\admin\node-v14.12.0-win-x86.tmp14921809373\node-v14.12.0-win-x86\node_modules\npm\bin\node-gyp-bin\node-gyp | text | |
MD5:6E25816F1EC43CA4D9DF43634F4FDC74 | SHA256:EE2C0CD004287093A3767C0A31D9A0A3C4B00C0517CC974473E2B483EEF438E7 | |||
2228 | javaw.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f | dbf | |
MD5:C8366AE350E7019AEFC9D1E6E6A498C6 | SHA256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2228 | javaw.exe | 104.20.22.46:443 | nodejs.org | Cloudflare Inc | US | shared |
3992 | node.exe | 136.175.8.251:443 | deskt.linkpc.net | — | — | unknown |
Domain | IP | Reputation |
---|---|---|
nodejs.org |
| whitelisted |
deskt.linkpc.net |
| malicious |