File name: | 11.1.jar |
Full analysis: | https://app.any.run/tasks/f49d869e-91ae-4c39-ba63-59bc24b5a8e9 |
Verdict: | Malicious activity |
Analysis date: | February 25, 2020, 13:00:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/java-archive |
File info: | Java archive data (JAR) |
MD5: | 5505EC151916D81CE0B065926DFE8005 |
SHA1: | FFC51A2A73F0C230856BCA0BE0E3675652EF3E92 |
SHA256: | 63D05D8545F0604EC104DFF8E07F889D1A15CCFEF10A3C65B1A7C73DF02FF8EA |
SSDEEP: | 6144:FQu7BUkU8Xwat1+OIiYid4yaqM4z5li2NXocOKU95SNWpw8OFHVZfWAoynHv+Edb:ZtrUmzt1ZI3mq4zPi2BRUCWpwzF1Eynl |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | META-INF/MANIFEST.MF |
---|---|
ZipUncompressedSize: | 512 |
ZipCompressedSize: | 395 |
ZipCRC: | 0x8af85fba |
ZipModifyDate: | 2020:02:25 19:51:23 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0808 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3368 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\11.1.jar.zip" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | explorer.exe | |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Version: 8.0.920.14 | ||||
2876 | cmd.exe | C:\Windows\system32\cmd.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
548 | WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2836 | cmd.exe | C:\Windows\system32\cmd.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1332 | WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path FirewallProduct Get displayName /Format:List | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2856 | attrib +h C:\Users\admin\Oracle | C:\Windows\system32\attrib.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2788 | attrib +h +r +s C:\Users\admin\.ntusernt.ini | C:\Windows\system32\attrib.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
4012 | attrib -s -r C:\Users\admin\IueMc\Desktop.ini | C:\Windows\system32\attrib.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2748 | attrib +s +r C:\Users\admin\IueMc\Desktop.ini | C:\Windows\system32\attrib.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2516 | attrib -s -r C:\Users\admin\IueMc | C:\Windows\system32\attrib.exe | — | javaw.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3368 | javaw.exe | C:\Users\admin\Oracle\bin\client\classes.jsa | — | |
MD5:— | SHA256:— | |||
3368 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:D7E7A1E50F3B7FD60BFD7D33B3CB1394 | SHA256:B86426B8484D329FFB09A07F7F53E6EBCEC26798A3ED654EFB2D8F9035D90C18 | |||
3368 | javaw.exe | C:\Users\admin\Oracle\bin\client\Xusage.txt | text | |
MD5:B3174769A9E9E654812315468AE9C5FA | SHA256:37CF4E6CDC4357CEBB0EC8108D5CB0AD42611F675B926C819AE03B74CE990A08 | |||
3368 | javaw.exe | C:\Users\admin\Oracle\bin\glass.dll | executable | |
MD5:BE9D67DFFCC06D2073831F5D8CDE2DC0 | SHA256:A92DF0E1F93E29FAE427DA766D9B91BDA4B421E6AB86AEB9CDD060B218028D35 | |||
3368 | javaw.exe | C:\Users\admin\Oracle\bin\fontmanager.dll | executable | |
MD5:412B97D96EA9384C78851938921EE44A | SHA256:20BEF5BCD523CFF21BAD585AF91D1C913D5535A6B20AC70F5F3D8DAFB2F90F25 | |||
3368 | javaw.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f | dbf | |
MD5:C8366AE350E7019AEFC9D1E6E6A498C6 | SHA256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238 | |||
3368 | javaw.exe | C:\Users\admin\Oracle\bin\deploy.dll | executable | |
MD5:720EDC1469525DFCD3AE211E653D0241 | SHA256:BFF79FB05667992CC2BDA9BAE6E5A301BAF553042F952203641CCD7E1FC4552D | |||
3368 | javaw.exe | C:\Users\admin\Oracle\bin\dcpr.dll | executable | |
MD5:682CFD9431E5675900B04FEBE6CD4EB9 | SHA256:80111E1D706741F5EF7F661835C3AA46664666425AA1B5F93103410F2BEE1213 | |||
3368 | javaw.exe | C:\Users\admin\Oracle\bin\decora_sse.dll | executable | |
MD5:94434B8739CB5CD184C63CEC209F06E2 | SHA256:ADF4E9CE0866FF16A16F626CFC62355FB81212B1E7C95DD908E3644F88B77E91 | |||
3368 | javaw.exe | C:\Users\admin\Oracle\bin\dt_socket.dll | executable | |
MD5:138F156057245747692A68EBE50D52C2 | SHA256:F0FD0268D6E410C05E7EE71AD9C96744CD5E4A97329F608041D7078FAEE24ED0 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3368 | javaw.exe | 118.100.66.100:4424 | dman20.ddns.net | TM Net, Internet Service Provider | MY | unknown |
Domain | IP | Reputation |
---|---|---|
dman20.ddns.net |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net |