File name: MV Reggane RFQ.jar

Full analysis: https://app.any.run/tasks/f433f3ad-f361-4fb6-b203-db04bc575a67
Verdict: Malicious activity
Analysis date: May 20, 2022, 18:56:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/java-archive
File info: Java archive data (JAR)
MD5: EF1AF4C60D1FA2312D6255539CA36EC0
SHA1: 9E8C9C1CD5A870EA5D103DF839F9C279F1FF3465
SHA256: 45352B0AFA5512F2209116D9A4EA96FFFF8E37E79F414879318DFD7006AEEDB5
SSDEEP: 1536:/pplfXqvkcGSJikmmq4KS2qEQPEwBFiccgmjMBo3WEr1lMESWqYza5fdz0nhZ:/pzKkcGTkUIpEwGcVWZSPYSfdz0nhZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Creates files in the program directory

      • javaw.exe (PID: 1000)
    • Uses ICACLS.EXE to modify access control list

      • javaw.exe (PID: 1000)
    • Checks supported languages

      • javaw.exe (PID: 1000)
    • Reads the computer name

      • javaw.exe (PID: 1000)
  • INFO

    • Checks supported languages

      • icacls.exe (PID: 1204)
    • Reads the computer name

      • icacls.exe (PID: 1204)
No Malware configuration.

TRiD

.jar | Java Archive (78.3)
.zip | ZIP compressed archive (21.6)

EXIF

ZIP

ZipFileName: META-INF/
ZipUncompressedSize: -
ZipCompressedSize: 2
ZipCRC: 0x00000000
ZipModifyDate: 2022:04:25 08:20:19
ZipCompression: Deflated
ZipBitFlag: 0x0808
ZipRequiredVersion: 20
No data.
Total processes: 35
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0


Process information

PID: 1000
CMD: "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\MV Reggane RFQ.jar"
Path: C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process: Explorer.EXE
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Version: 8.0.2710.9

PID: 1204
CMD: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Path: C:\Windows\system32\icacls.exe
Parent process: javaw.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Total events: 712
Read events: 711
Write events: 1
Delete events: 0

Modification events

(PID) Process: (1000) javaw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: javaw.exe
Executable files: 4
Suspicious files: 4
Text files: 1
Unknown types: 0

Dropped files

PID: 1000 | Process: javaw.exe | Type: text
Filename: C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp
MD5: CC1D4EBD4329BF8886087DF8FD3015B7
SHA256: 80BDC42B08D312253932BFA5F0429B35858E1EB198993FA54CD2905857967E19

PID: 1000 | Process: javaw.exe | Type: java
Filename: C:\Users\admin\lib\jna-platform-5.5.0.jard
MD5: 2F4A99C2758E72EE2B59A73586A2322F
SHA256: 24D81621F82AC29FCDD9A74116031F5907A2343158E616F4573BBFA2434AE0D5

PID: 1000 | Process: javaw.exe | Type: java
Filename: C:\Users\admin\lib\jna-5.5.0.jard
MD5: ACFB5B5FD9EE10BF69497792FD469F85
SHA256: B308FAEBFE4ED409DE8410E0A632D164B2126B035F6EACFF968D3908CAFB4D9E

PID: 1000 | Process: javaw.exe | Type: java
Filename: C:\Users\admin\lib\jna-5.5.0.jar
MD5: ACFB5B5FD9EE10BF69497792FD469F85
SHA256: B308FAEBFE4ED409DE8410E0A632D164B2126B035F6EACFF968D3908CAFB4D9E

PID: 1000 | Process: javaw.exe | Type: java
Filename: C:\Users\admin\lib\jna-platform-5.5.0.jar
MD5: 2F4A99C2758E72EE2B59A73586A2322F
SHA256: 24D81621F82AC29FCDD9A74116031F5907A2343158E616F4573BBFA2434AE0D5

PID: 1000 | Process: javaw.exe | Type: compressed
Filename: C:\Users\admin\lib\system-hook-3.5.jar
MD5: E1AA38A1E78A76A6DE73EFAE136CDB3A
SHA256: 2DDDA8AF6FAEF8BDE46ACF43EC546603180BCF8DCB2E5591FFF8AC9CD30B5609

PID: 1000 | Process: javaw.exe | Type: compressed
Filename: C:\Users\admin\lib\system-hook-3.5.jard
MD5: E1AA38A1E78A76A6DE73EFAE136CDB3A
SHA256: 2DDDA8AF6FAEF8BDE46ACF43EC546603180BCF8DCB2E5591FFF8AC9CD30B5609

PID: 1000 | Process: javaw.exe | Type: compressed
Filename: C:\Users\admin\lib\sqlite-jdbc-3.14.2.1.jar
MD5: B33387E15AB150A7BF560ABDC73C3BEC
SHA256: 2EAE3DEA1C3DDE6104C49F9601074B6038FF6ABCF3BE23F4B56F6720A4F6A491

PID: 1000 | Process: javaw.exe | Type: compressed
Filename: C:\Users\admin\lib\sqlite-jdbc-3.14.2.1.jard
MD5: B33387E15AB150A7BF560ABDC73C3BEC
SHA256: 2EAE3DEA1C3DDE6104C49F9601074B6038FF6ABCF3BE23F4B56F6720A4F6A491
HTTP(S) requests: 0
TCP/UDP connections: 9
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 1000 | Process: javaw.exe
IP: 185.199.108.133:443
Domain: objects.githubusercontent.com
ASN: GitHub, Inc.
CN: NL
Reputation: malicious

PID: 1000 | Process: javaw.exe
IP: 199.232.192.209:443
Domain: repo1.maven.org
ASN:
CN: US
Reputation: suspicious

PID: 1000 | Process: javaw.exe
IP: 140.82.121.4:443
Domain: github.com
ASN:
CN: US
Reputation: malicious

DNS requests

Domain: repo1.maven.org
IP:
  • 199.232.192.209
  • 199.232.196.209
Reputation: whitelisted

Domain: github.com
IP:
  • 140.82.121.4
Reputation: shared

Domain: objects.githubusercontent.com
IP:
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.110.133
  • 185.199.111.133
Reputation: shared

Threats

No threats detected
No debug info