| Field | Value |
|---|---|
| File name | shipment_trackinginfo.jar.zip |
| Full analysis | https://app.any.run/tasks/5f94d880-0a44-4570-9ee2-fb01cbe05192 |
| Verdict | Malicious activity |
| Analysis date | May 30, 2020, 12:41:30 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | CFF9ACAF3513569D22F529D8488F3AD7 |
| SHA1 | 77FA4EA65D7E81CF7822B4E089A3AE5782F81078 |
| SHA256 | B54C63A8A13CA20B989AB1CEAE7AF367B4BD337C075AD42E2A06E54CB962725C |
| SSDEEP | 6144:UBWC+zZYdGGoGaYAr2Ywl/ywO0krqG4guH78c6X6uSnTMJbEGVxAeGQ:UBWBZYRoUEGbONDxK7nMZHAen |
| Extension | File type | Confidence |
|---|---|---|
| .zip | ZIP compressed archive | 100 |

| ZIP metadata | Value |
|---|---|
| ZipRequiredVersion | 788 |
| ZipBitFlag | 0x0001 |
| ZipCompression | Deflated |
| ZipModifyDate | 2020:05:29 04:13:25 |
| ZipCRC | 0xf20941be |
| ZipCompressedSize | 336095 |
| ZipUncompressedSize | 391463 |
| ZipFileName | shipment_trackinginfo.jar |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 584 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\shipment_trackinginfo.jar.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| 1556 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\Desktop\shipment_trackinginfo.jar" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | explorer.exe |
| 3792 | REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "shipment_trackinginfo.jar" /d "C:\Users\admin\AppData\Roaming\shipment_trackinginfo.jar" /f | C:\Windows\system32\REG.exe | — | javaw.exe |
| 3884 | attrib +H C:\Users\admin\AppData\Roaming\shipment_trackinginfo.jar | C:\Windows\system32\attrib.exe | — | javaw.exe |
| 3980 | attrib +H C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shipment_trackinginfo.jar | C:\Windows\system32\attrib.exe | — | javaw.exe |

| PID | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 584 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0 |
| 1556 | admin | Oracle Corporation | MEDIUM | Java(TM) Platform SE binary | — | 8.0.920.14 |
| 3792 | admin | Microsoft Corporation | MEDIUM | Registry Console Tool | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3884 | admin | Microsoft Corporation | MEDIUM | Attribute Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3980 | admin | Microsoft Corporation | MEDIUM | Attribute Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1556 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JNativeHook-7153438308218788367.dll | — | — | — |
| 1556 | javaw.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shipment_trackinginfo.jar | executable | 48A5714147EE85374AB74174A82AB77A | E7C36E5ED6E3B409A20CE37D4604EFB2D69BA7C146996CA8F1C0C1BCD72E81A0 |
| 584 | WinRAR.exe | C:\Users\admin\Desktop\shipment_trackinginfo.jar | executable | 48A5714147EE85374AB74174A82AB77A | E7C36E5ED6E3B409A20CE37D4604EFB2D69BA7C146996CA8F1C0C1BCD72E81A0 |
| 1556 | javaw.exe | C:\Users\admin\AppData\Roaming\shipment_trackinginfo.jar | executable | 48A5714147EE85374AB74174A82AB77A | E7C36E5ED6E3B409A20CE37D4604EFB2D69BA7C146996CA8F1C0C1BCD72E81A0 |
| 1556 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | 51A8E862B05C5F06BDABF51B980DCCEE | 7E0056D2B10EF5A38361FD2A20EDCD349106F193360E10F51650EF1DC323625E |
| 1556 | javaw.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f | dbf | C8366AE350E7019AEFC9D1E6E6A498C6 | 11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238 |
| 1556 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JNativeHook-FCBC1DC5993F3B7C153159E29CD4364927BC9517.dll | executable | B4CE035F926531D6B4DFA8477C6477E4 | F6FFEAD3B5F3DB5A7A00D1FEF874C3D3ED7ECF095DA2D981EBD691FDFA685716 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1556 | javaw.exe | 91.92.136.52:9090 | — | BelCloud Hosting Corporation | BG | malicious |
| PID | Process | Class | Message |
|---|---|---|---|
| 1556 | javaw.exe | Generic Protocol Command Decode | SURICATA Applayer Wrong direction first Data |