File name: | db2475e26f5b9bed2b55f81f0a55c895c08fce3a6472f3e1f4dbfed83651d83a |
Full analysis: | https://app.any.run/tasks/80b83f4e-9b00-4920-b48a-ed1ee6fc5795 |
Verdict: | Malicious activity |
Analysis date: | February 18, 2019, 09:52:06 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | E8A8673913C1AAAF3DAA9BC95D017A36 |
SHA1: | 65114DBF6AFF51EE3D629D3EFC7F54D193727223 |
SHA256: | DB2475E26F5B9BED2B55F81F0A55C895C08FCE3A6472F3E1F4DBFED83651D83A |
SSDEEP: | 6144:KLRRgaZ6GN4HUeBZpRsTgF8agBFYLCI2lqfAG1TamSKaAw+rI4smsp5BnYxLH:yRjN4HUoZpOMcHYLx4MP14KaAw+k4sr8 |
.jar | | | Java Archive (78.3) |
---|---|---|
.zip | | | ZIP compressed archive (21.6) |
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0800 |
ZipCompression: | Deflated |
ZipModifyDate: | 2018:02:09 19:44:21 |
ZipCRC: | 0xab68524d |
ZipCompressedSize: | 54 |
ZipUncompressedSize: | 56 |
ZipFileName: | META-INF/MANIFEST.MF |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3052 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\Desktop\db2475e26f5b9bed2b55f81f0a55c895c08fce3a6472f3e1f4dbfed83651d83a.jar" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | explorer.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 0 Version: 8.0.920.14 | ||||
3416 | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ /v mac /t REG_SZ /d C:\Users\admin\AppData\Roaming\mac /f | C:\Windows\system32\reg.exe | javaw.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3496 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw" -jar C:\Users\admin\AppData\Roaming\mac | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | javaw.exe | |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Version: 8.0.920.14 | ||||
3900 | reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ /v mac.jar /t REG_SZ /d "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe -jar "C:\Users\admin\AppData\Roaming\mac"" /f | C:\Windows\system32\reg.exe | javaw.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (3416) reg.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | mac |
Value: C:\Users\admin\AppData\Roaming\mac | |||
(PID) Process: | (3900) reg.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | mac.jar |
Value: C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe -jar C:\Users\admin\AppData\Roaming\mac |
PID | Process | Filename | Type | |
---|---|---|---|---|
3052 | javaw.exe | C:\Users\admin\AppData\Roaming\mac | compressed | |
MD5:FAF2DDFEACAE61333BB1DBFAC2A8CE3C | SHA256:3C55D7B334CDB5752B1DA90D60C31ED6F7EEFCB7A707305EDBBE9F934C336EB0 | |||
3052 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:0D9D4E82F765D4BECF4F7FCB2669F709 | SHA256:FE2FA39DCC356792DDC47F318DBE6F7ED40DE108E2A1B5E1E10A94641BD56000 | |||
3496 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:0D1576FF14996543731E8AE0C019DA5B | SHA256:293B66489628962F3D5C9E23DB59FA6D7869E42EFB696314DBC77EFF7087B04D |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3496 | javaw.exe | 145.249.104.47:1336 | — | Quasi Networks LTD. | ES | suspicious |