Field | Value |
---|---|
File name: | CiscoWebExServlet (1) |
Full analysis: | https://app.any.run/tasks/7d301656-7299-4feb-acce-14f8ac4f8555 |
Verdict: | Malicious activity |
Analysis date: | July 18, 2019, 00:29:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/xml |
File info: | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
MD5: | 6E9067B91644A2DA3DD14B68EEE49148 |
SHA1: | B3340C4E262670A362EE63A5B2BB68883C3FFF05 |
SHA256: | DD72D6F89F3281ECA34DAB728AE207457788030462A018E0C34640CB184F175A |
SSDEEP: | 24:2dzPZiaVHDGwylfPAZ8bZ9DVpwl0gDtprrJm:czPkSHuu8zVpwl0Up0 |
Extension | Identified type (score) |
---|---|
.jnlp | Java Web Start application descriptor (88.3) |
.xml | Generic XML (ASCII) (11.6) |
JNLP field | Value |
---|---|
JnlpApplication-descArgument: | aHR0cHM6Ly9pYm0ud2ViZXguY29tL2libS9qbWZfd2ViLnBocD9BVD1UQyZjb25maWQ9MTIxODg5NjY4NDIyNzA3MjE2JnVpZD01NDA1MzUyNzcmZmxhZz0wfDAmam5scD0xJmVtYWM9U0RKVFN3QUFBQVFWYjVVdklUUEhULXFyZHBqek9QTUxRTHQxYlFEQlY1R3B0bi1zblhJT0lBMg== |
JnlpApplication-descMain-class: | JDownload |
JnlpResourcesJarMain: | |
JnlpResourcesJarHref: | atdwnld.jar |
JnlpResourcesJ2seHref: | http://java.sun.com/products/autodl/j2se |
JnlpResourcesJ2seVersion: | 1.7+ |
JnlpSecurityAll-permissions: | - |
JnlpUpdatePolicy: | always |
JnlpUpdateCheck: | always |
JnlpInformationOffline-allowed: | - |
JnlpInformationVendor: | Cisco System, Inc. |
JnlpInformationTitle: | WebEx Java-client |
JnlpCodebase: | https://ibm.webex.com/client/T33L/javaclient/training/ |
JnlpSpec: | 7.0+ |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3852 | "C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe" "C:\Users\admin\AppData\Local\Temp\CiscoWebExServlet (1).jnlp" | C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe | — | explorer.exe | User: admin; Company: Oracle Corporation; Integrity Level: MEDIUM; Description: Java(TM) Web Start Launcher; Exit code: 0; Version: 11.92.2.14 |
2728 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | javaws.exe | User: admin; Company: Oracle Corporation; Integrity Level: MEDIUM; Description: Java(TM) Platform SE binary; Exit code: 0; Version: 8.0.920.14 |
3760 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1563409815" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | javaws.exe | User: admin; Company: Oracle Corporation; Integrity Level: MEDIUM; Description: Java(TM) Platform SE binary; Exit code: 0; Version: 8.0.920.14 |
3476 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | javaws.exe | User: admin; Company: Oracle Corporation; Integrity Level: MEDIUM; Description: Java(TM) Platform SE binary; Exit code: 0; Version: 8.0.920.14 |
2224 | JavaWSSplashScreen -splash 49287 "C:\Program Files\Java\jre1.8.0_92\lib\deploy\splash.gif" | C:\Program Files\Java\jre1.8.0_92\bin\javaws.exe | — | javaws.exe | User: admin; Company: Oracle Corporation; Integrity Level: MEDIUM; Description: Java(TM) Web Start Launcher; Exit code: 0; Version: 11.92.2.14 |
2132 | "C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_92" -vma […] -ma QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGphdmF3czI= | C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe | — | javaws.exe | User: admin; Company: Oracle Corporation; Integrity Level: MEDIUM; Description: Java(TM) Web Launcher; Exit code: 0; Version: 11.92.2.14 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2132 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e4433da-3b5c8cd8-temp | — | — | — |
2132 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\615a51ff-77016488-temp | — | — | — |
3476 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log | text | A351CCBE19ECE898513B901B09AB70F0 | 9E2CA8365D525CD77346063011EA1C5FD85F73C3BD7C338858EEC5921C2AC644 |
2132 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e4433da-3b5c8cd8 | xml | 6E9067B91644A2DA3DD14B68EEE49148 | DD72D6F89F3281ECA34DAB728AE207457788030462A018E0C34640CB184F175A |
2728 | javaw.exe | C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log | text | A3C243C01A903D431C573E78AD03FDE6 | B966C32D08293797B33BC494633F79144C50C5A0C35F666EE136DF92379EF26E |
2132 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\615a51ff-77016488 | java | AF78469FA4AE5455EF5BBF6CD0E5A110 | DB03836F92B718BDF9E511971E706D996D3E639701D28B109E86E804B29F1F5F |
2132 | jp2launcher.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | 3C4A00F2D8C47D26AE103EF1AA217B66 | D69328141257CA1A4B49ED9A6B3A4E73101E823F9FEAC4DEADDF38A430081DCD |
3476 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | 879DF8A2A1C4E2E9B0FB0876B1812A89 | CDAB810D7F81C863C3242857643E943DB4BFB0C6A5B9EE017564562711F1FBF5 |
2132 | jp2launcher.exe | C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1e4433da-8470fc9fb704f22a088d390558fe23d936b61a176b55121f8b4bc39716cfc714-6.0.lap | text | 69DBB913ECBA11AD77BE765A5FA4E6A5 | 8077370C49BDF72407D5D9141E44F2FB1B83BBC964B502E368DF0F1ECFC53E50 |
2728 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | ECF75EBD38863F229A39DD29BC27D3E3 | 5A71FC7E957C5DE9B40390D0C0F059803D3477371CA088C5CAE4934C8CD5D9C0 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2132 | jp2launcher.exe | POST | 200 | 35.158.10.169:80 | http://ocsp.quovadisglobal.com/ | DE | der | 1.80 Kb | whitelisted |
2132 | jp2launcher.exe | POST | 200 | 23.37.43.27:80 | http://sv.symcd.com/ | NL | der | 1.57 Kb | shared |
2132 | jp2launcher.exe | POST | 200 | 35.158.10.169:80 | http://ocsp.quovadisglobal.com/ | DE | der | 1.78 Kb | whitelisted |
2132 | jp2launcher.exe | POST | 200 | 23.37.43.27:80 | http://s2.symcb.com/ | NL | der | 1.71 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2132 | jp2launcher.exe | 35.158.10.169:80 | ocsp.quovadisglobal.com | Amazon.com, Inc. | DE | whitelisted |
2132 | jp2launcher.exe | 66.114.168.199:443 | ibm.webex.com | Cisco Webex LLC | US | unknown |
2132 | jp2launcher.exe | 23.37.43.27:80 | s2.symcb.com | Akamai Technologies, Inc. | NL | whitelisted |
Domain | IP | Reputation |
---|---|---|
ibm.webex.com | | unknown |
ocsp.quovadisglobal.com | | whitelisted |
s2.symcb.com | | whitelisted |
sv.symcd.com | | shared |