Malware analysis JavaSetup8u431.exe Malicious activity

Add for printing

File name:	JavaSetup8u431.exe
Full analysis:	https://app.any.run/tasks/baa81143-d6ee-4229-9dff-50a3c78caa3e
Verdict:	Malicious activity
Analysis date:	November 25, 2024, 13:25:17
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:	1C098B289611A95A1A84A77AFE64620E
SHA1:	3A13FEA5DAF0F6E9BC6932DFBA6582C5420B8BE5
SHA256:	641D91C2036584022FF85C76450B367B7031DD2FC845A507C7B5948EEB2696FC
SSDEEP:	98304:hElcskemmZ0kFLexrtaXBFvR/hTwMqfZeW3nTZ8aO:u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Executable content was dropped or overwritten
  - LZMA_EXE (PID: 7120)
  - JavaSetup8u431.exe (PID: 6180)
  - JavaSetup8u431.exe (PID: 6224)
  - installer.exe (PID: 6512)
- Starts application with an unusual extension
  - JavaSetup8u431.exe (PID: 6224)
- The process drops C-runtime libraries
  - msiexec.exe (PID: 5472)
- Process drops legitimate windows executable
  - msiexec.exe (PID: 5472)
INFO
- Executable content was dropped or overwritten
  - msiexec.exe (PID: 5472)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (76.4)
.exe	\|	Win32 Executable (generic) (12.4)
.exe	\|	Generic Win/DOS Executable (5.5)
.exe	\|	DOS Executable Generic (5.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:09:30 08:52:08+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.36
CodeSize:	200192
InitializedDataSize:	2157568
UninitializedDataSize:	-
EntryPoint:	0x1046b
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	8.0.4310.10
ProductVersionNumber:	8.0.4310.10
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Oracle Corporation
FileDescription:	Java Platform SE binary
FileVersion:	8.0.4310.10
FullVersion:	1.8.0_431-b10
InternalName:	Setup Launcher
LegalCopyright:	Copyright © 2024
OriginalFileName:	online_wrapper-cab.exe
ProductName:	Java Platform SE 8 U431
ProductVersion:	8.0.4310.10

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

149

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

640

C:\Windows\syswow64\MsiExec.exe -Embedding BBD7FD37A1A27A739BAF6E593F9749D9 E Global\MSI0000

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

2072

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

LZMA_EXE

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

3524

C:\Windows\syswow64\MsiExec.exe -Embedding 7C903948D3C333680596E39624EDA6C0

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

3584

"C:\Program Files (x86)\Java\jre1.8.0_431\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files (x86)\Java\jre1.8.0_431\bin\javaw.exe

installer.exe

User:

SYSTEM

Company:

Oracle Corporation

Integrity Level:

SYSTEM

Description:

Java(TM) Platform SE binary

Exit code:

Version:

8.0.4310.10

Modules

Images
c:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

3780

"C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431\LZMA_EXE" d "C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431\jre1.8.0_431.msi" "C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431\msi.tmp"

C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431\LZMA_EXE

—

JavaSetup8u431.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\appdata\locallow\oracle\java\jre1.8.0_431\lzma_exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

4596

"C:\Users\admin\AppData\Local\Temp\JavaSetup8u431.exe"

C:\Users\admin\AppData\Local\Temp\JavaSetup8u431.exe

—

explorer.exe

User:

admin

Company:

Oracle Corporation

Integrity Level:

MEDIUM

Description:

Java Platform SE binary

Exit code:

3221226540

Version:

8.0.4310.10

Modules

Images
c:\users\admin\appdata\local\temp\javasetup8u431.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

4840

C:\Windows\syswow64\MsiExec.exe -Embedding E15566A3483F5718D9A14C56D4669133

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

5028

C:\Windows\syswow64\MsiExec.exe -Embedding D3CB5B425C33FB440F40BFA3394072AE

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

5472

C:\WINDOWS\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

services.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows® installer

Version:

5.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

5548

C:\Windows\syswow64\MsiExec.exe -Embedding 40A078A244205C33CEFC2624E894A531 E Global\MSI0000

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Add for printing

Total events

15 242

Read events

9 426

Write events

5 795

Delete events

Modification events


(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft
Operation:	delete value	Name:	InstallStatus
Value:
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation:	delete value	Name:	AddToFavoritesInitialSelection
Value:
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation:	delete value	Name:	AddToFeedsInitialSelection
Value:
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Update\Policy
Operation:	write	Name:	Country
Value: BR
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Update\Policy
Operation:	write	Name:	Method
Value: jcab
(PID) Process:	(6224) JavaSetup8u431.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Update\Policy
Operation:	write	Name:	PostStatusUrl
Value: https://sjremetrics.java.com/b/ss//6
(PID) Process:	(5472) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Owner
Value: 60150000DB2E6F8A3D3FDB01

Add for printing

Executable files

205

Suspicious files

Text files

109

Unknown types

Dropped files

PID	Process	Filename		Type
6224	JavaSetup8u431.exe	C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431\jds1272562.tmp		—
		MD5:—	SHA256:—
6224	JavaSetup8u431.exe	C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431\jre1.8.0_431.msi		—
		MD5:—	SHA256:—
3780	LZMA_EXE	C:\Users\admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431\msi.tmp		—
		MD5:—	SHA256:—
5472	msiexec.exe	C:\Windows\Installer\13c315.msi		—
		MD5:—	SHA256:—
6180	JavaSetup8u431.exe	C:\Users\admin\AppData\Local\Temp\jds1269234.tmp\JavaSetup8u431.exe		executable
		MD5:5FA91F525DA5564AC9B1AB6462DE47DC	SHA256:60E616A1676ABC59B68C63EF64AC39CD66895EA52A858145AF381BE870F3A491
6180	JavaSetup8u431.exe	C:\Users\admin\AppData\Local\Temp\jusched.log		text
		MD5:13791F6187E617D766E4A6497BA5ACE9	SHA256:E519D4CE42EA80038E265E8EC16B8414346A8A3CE9283E369A71E117D847FCB2
6224	JavaSetup8u431.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		binary
		MD5:486E47825E86E31D4879EF75BA03CF46	SHA256:C140385C73D4871C743CCE98E82D5A6FA1AE0607EDE8E0CFAA6316A89F6712F3
5472	msiexec.exe	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log		text
		MD5:7634E6A7F1D6C43037CA1C3AA1AB49AA	SHA256:BB86278E3019A359242DADF07DDC6A11EB53C69D55F1D707D95DEC56FBCF57F4
6180	JavaSetup8u431.exe	C:\Users\admin\AppData\Local\Temp\jds1269234.tmp\jds1269234.tmp		executable
		MD5:5FA91F525DA5564AC9B1AB6462DE47DC	SHA256:60E616A1676ABC59B68C63EF64AC39CD66895EA52A858145AF381BE870F3A491
6224	JavaSetup8u431.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141		binary
		MD5:77DC165607CA29CC17A6CB8886DDEE1D	SHA256:180C329DCD3274D56C35604379C04599AC94A373AEC5DCD1525F21CDC178F757

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	2.16.164.17:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
4712	MoUsoCoreWorker.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
5064	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
6224	JavaSetup8u431.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D	unknown	—	—	whitelisted
6224	JavaSetup8u431.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D	unknown	—	—	whitelisted
1176	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
—	—	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
6224	JavaSetup8u431.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAYOL4%2BeG4vlGNX%2BK2nPzLE%3D	unknown	—	—	whitelisted
6224	JavaSetup8u431.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D	unknown	—	—	whitelisted
4668	SIHClient.exe	GET	200	88.221.169.152:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4328	svchost.exe	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5064	SearchApp.exe	2.23.209.171:443	www.bing.com	Akamai International B.V.	GB	whitelisted
—	—	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	2.16.164.17:80	crl.microsoft.com	Akamai International B.V.	NL	whitelisted
4712	MoUsoCoreWorker.exe	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
—	—	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
—	—	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4712	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
6224	JavaSetup8u431.exe	104.102.54.38:443	javadl-esd-secure.oracle.com	AKAMAI-AS	DE	whitelisted

DNS requests

Domain	IP	Reputation
www.bing.com	2.23.209.171 2.23.209.162 2.23.209.160 2.23.209.158 2.23.209.168 2.23.209.156 2.23.209.167 2.23.209.166 2.23.209.161	whitelisted
crl.microsoft.com	2.16.164.17 2.16.164.107 2.16.164.18 2.16.164.40 2.16.164.106	whitelisted
www.microsoft.com	95.101.149.131 88.221.169.152	whitelisted
google.com	142.250.185.142	whitelisted
settings-win.data.microsoft.com	51.124.78.146 20.73.194.208	whitelisted
javadl-esd-secure.oracle.com	104.102.54.38	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
javadl.oracle.com	104.102.54.38	whitelisted
sdlc-esd.oracle.com	23.212.88.77	whitelisted
login.live.com	40.126.32.136 20.190.160.20 40.126.32.140 40.126.32.133 40.126.32.138 20.190.160.17 20.190.160.22 40.126.32.134	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

JavaSetup8u431.exe

1C098B289611A95A1A84A77AFE64620E

3A13FEA5DAF0F6E9BC6932DFBA6582C5420B8BE5

641D91C2036584022FF85C76450B367B7031DD2FC845A507C7B5948EEB2696FC

98304:hElcskemmZ0kFLexrtaXBFvR/hTwMqfZeW3nTZ8aO:u

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Executable content was dropped or overwritten

Starts application with an unusual extension

The process drops C-runtime libraries

Process drops legitimate windows executable

INFO

Executable content was dropped or overwritten

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Modules

Information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Information

Modules

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings