File name:

lombok.jar

Full analysis: https://app.any.run/tasks/42500b6f-408a-41c6-bf4f-9dde0e2c4fac
Verdict: Malicious activity
Analysis date: October 26, 2023, 12:57:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/java-archive
File info: Java archive data (JAR)
MD5:

F9FF3A48FA4CC5AC7E0A426E2F5C30B2

SHA1:

6EF15599B55A90D2704A1A9F3FE04C12BB58081C

SHA256:

D7EE122EEE1EAEEB45182A89FF36FC2DD086858D1B2F54B615C6FEF7BA1D6012

SSDEEP:

98304:HUs9+EPHydwcnNA6WjbLpaIqEmRIkaqDpeGemHv+Ijs7ZY14GHVRGFWMVr5flxIM:RlB1uFq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • javaw.exe (PID: 372)

    • Drops the executable file immediately after the start

      • javaw.exe (PID: 372)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Create files in a temporary directory

      • javaw.exe (PID: 372)

    • Checks supported languages

      • javaw.exe (PID: 372)

    • Reads the computer name

      • javaw.exe (PID: 372)

    • Creates files in the program directory

      • javaw.exe (PID: 372)

    • Reads the machine GUID from the registry

      • javaw.exe (PID: 372)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.jar | Java Archive (78.3)
.zip | ZIP compressed archive (21.6)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: 0x0800
ZipCompression: None
ZipModifyDate: 2023:09:20 04:39:50
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: META-INF/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start javaw.exe no specs icacls.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
372"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\lombok.jar"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exeexplorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
3452C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MC:\Windows\System32\icacls.exejavaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
Total events
1 228
Read events
1 223
Write events
5
Delete events
0

Modification events

(PID) Process:(372) javaw.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
Explorer.EXE
(PID) Process:(372) javaw.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
1
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
372javaw.exeC:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamptext
MD5:AB6810CBA0AC0CD919F989DE85631A92
SHA256:CA278514578D11DF1EB4009747CF8E7191F45605142BE090FDE1112F8E4D90AC
372javaw.exeC:\Users\admin\AppData\Local\Temp\lombok-1.18.30-WindowsDriveInfo-i386.dllexecutable
MD5:C4D7064E400A22CC9A59D2D97382B5B8
SHA256:F210056BA0DFD996646B91E92F4665399B33BF4DA651DEA26B4888F87215EC29
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2656
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
lombok.jar