| File name: | 7Clicker.jar |
| Full analysis: | https://app.any.run/tasks/11bc923f-9d83-49e4-8f22-d9d142a89814 |
| Verdict: | Malicious activity |
| Analysis date: | June 25, 2023, 18:36:10 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/java-archive |
| File info: | Java archive data (JAR) |
| MD5: | 8FD172F85EE2111BB2C796F255DFCA77 |
| SHA1: | E9DBBE9A7AC5D9829F62597469F4053B01721DCE |
| SHA256: | DD21FB853285D3CE6738A32E82B1727DED2CC569883F0E85A407EF4E1C15C40B |
| SSDEEP: | 6144:7nhVBkJYJjEJ7WtPbnxG1Rh/dCwfmb/Oy+z0ph7u0c+nQXLWnFYmDG7i5m6JeCh1:7hpsEPGl0SIkz2hS0vnQticaeCh1 |
MALICIOUS
Loads dropped or rewritten executable
- javaw.exe (PID: 2952)
SUSPICIOUS
Executable content was dropped or overwritten
- javaw.exe (PID: 2952)
INFO
The process checks LSA protection
- javaw.exe (PID: 2952)
- icacls.exe (PID: 3588)
Reads the computer name
- javaw.exe (PID: 2952)
Reads the machine GUID from the registry
- javaw.exe (PID: 2952)
Checks supported languages
- javaw.exe (PID: 2952)
Create files in a temporary directory
- javaw.exe (PID: 2952)
Creates files in the program directory
- javaw.exe (PID: 2952)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | META-INF/MANIFEST.MF |
|---|---|
| ZipUncompressedSize: | - |
| ZipCompressedSize: | - |
| ZipCRC: | 0x00000000 |
| ZipModifyDate: | 2016:02:28 13:45:52 |
| ZipCompression: | Deflated |
| ZipBitFlag: | 0x0808 |
| ZipRequiredVersion: | 20 |
Total processes
38
Monitored processes
2
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2952 | "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\7Clicker.jar.zip" | C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe | explorer.exe | ||||||||||||
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 0 Version: 8.0.2710.9 Modules
| |||||||||||||||
| 3588 | C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M | C:\Windows\System32\icacls.exe | — | javaw.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
414
Read events
413
Write events
1
Delete events
0
Modification events
| (PID) Process: | (2952) javaw.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication |
| Operation: | write | Name: | Name |
Value: Explorer.EXE | |||
Executable files
7
Suspicious files
1
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\jar_cache3047798014670264133.tmp | java | |
MD5:105B2B56BF43F91BAD6715211A407F6E | SHA256:D5F84AE5BC8B335C5A85D47EDC839425FF183C61F7A75AF60B39D762B807BE32 | |||
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\jar_cache2891942920045679085.tmp | java | |
MD5:105B2B56BF43F91BAD6715211A407F6E | SHA256:D5F84AE5BC8B335C5A85D47EDC839425FF183C61F7A75AF60B39D762B807BE32 | |||
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\jar_cache2064375601287589818.tmp | java | |
MD5:105B2B56BF43F91BAD6715211A407F6E | SHA256:D5F84AE5BC8B335C5A85D47EDC839425FF183C61F7A75AF60B39D762B807BE32 | |||
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JNativeHook-FCBC1DC5993F3B7C153159E29CD4364927BC9517.dll | executable | |
MD5:B4CE035F926531D6B4DFA8477C6477E4 | SHA256:F6FFEAD3B5F3DB5A7A00D1FEF874C3D3ED7ECF095DA2D981EBD691FDFA685716 | |||
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\jar_cache5397226559643947061.tmp | java | |
MD5:750449A036AC74E64ECD8EC7BCEDD8B8 | SHA256:525BF16A7148328894604C48C1417F32795067C0C5CAABE465D85B38E93ACAA7 | |||
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\jar_cache2547057581206279426.tmp | java | |
MD5:750449A036AC74E64ECD8EC7BCEDD8B8 | SHA256:525BF16A7148328894604C48C1417F32795067C0C5CAABE465D85B38E93ACAA7 | |||
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JNativeHook-3090609466095012782.dll | executable | |
MD5:B4CE035F926531D6B4DFA8477C6477E4 | SHA256:F6FFEAD3B5F3DB5A7A00D1FEF874C3D3ED7ECF095DA2D981EBD691FDFA685716 | |||
| 2952 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+~JF8189878493304085664.tmp | binary | |
MD5:51B4A619FAB5E1A38643657191A85AA5 | SHA256:3329FFAF627F1AA8862880401FF964F0F59998B802B403C12593FDB865176831 | |||
| 2952 | javaw.exe | C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp | text | |
MD5:3B6B0F7C28C60C73D58451B7C57D27FF | SHA256:389A856C4FC100F457319DA9FEB7C4E656D4D88459B65150355D3B15008439E4 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
820 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
1076 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |