URL:

http://kelio.restoria.fr/open/webstart/exploit.jnlp

Full analysis: https://app.any.run/tasks/e329a517-f811-49ae-ac08-726f7a274762
Verdict: Malicious activity
Analysis date: October 10, 2024, 12:55:31
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MD5:

7A68AA7947C498E049A00BFE19794584

SHA1:

774B6367166174595A807BBBDDFB700A83DAA9B5

SHA256:

F711CA28176408BA9E0A397AA24BA38DE7FC26EDEF2E5F0D1884C46DB87C8F52

SSDEEP:

3:N1KVAto1BVuO2iREMV:CqaVblV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Application launched itself

      • javaws.exe (PID: 7152)

    • Process requests binary or script from the Internet

      • jp2launcher.exe (PID: 7244)

    • Potential Corporate Privacy Violation

      • jp2launcher.exe (PID: 7244)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 6884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
167
Monitored processes
36
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs jp2launcher.exe no specs javaws.exe no specs javaw.exe no specs icacls.exe no specs conhost.exe no specs javaw.exe no specs javaw.exe no specs jucheck.exe javaws.exe no specs jp2launcher.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs jp2launcher.exe no specs javaws.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs javaws.exe no specs jp2launcher.exe msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1196"C:\Program Files\Java\jre1.8.0_271\bin\jp2launcher.exe" -securejws "C:\Users\admin\Downloads\exploit.jnlp"C:\Program Files\Java\jre1.8.0_271\bin\jp2launcher.exemsedge.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Launcher
Exit code:
0
Version:
11.271.2.09
Modules
Images
c:\program files\java\jre1.8.0_271\bin\jp2launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\program files\java\jre1.8.0_271\bin\msvcp140.dll
c:\windows\system32\win32u.dll
c:\windows\system32\ucrtbase.dll
c:\program files\java\jre1.8.0_271\bin\vcruntime140.dll
c:\windows\system32\gdi32.dll
1452"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6004 --field-trial-handle=2424,i,7968325245063153569,17989683342131068901,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1572"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6880 --field-trial-handle=2424,i,7968325245063153569,17989683342131068901,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2280"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
javaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java Update Checker
Version:
2.8.271.9
Modules
Images
c:\program files (x86)\common files\java\java update\jucheck.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
2708"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x2f8,0x310,0x7ffbc15b5fd8,0x7ffbc15b5fe4,0x7ffbc15b5ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
3728"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2764 --field-trial-handle=2424,i,7968325245063153569,17989683342131068901,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
4676"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_2\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.271.2" "1728564954"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5524"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6792 --field-trial-handle=2424,i,7968325245063153569,17989683342131068901,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6088"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_2\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.271.2" "update"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exejavaws.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6228"C:\Program Files\Java\jre1.8.0_271\bin\javaws.exe" -J-Djdk.disableLastUsageTracking=true -SSVBaselineUpdateC:\Program Files\Java\jre1.8.0_271\bin\javaws.exejucheck.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Web Start Launcher
Exit code:
0
Version:
11.271.2.09
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaws.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
12 898
Read events
12 701
Write events
164
Delete events
33

Modification events

(PID) Process:(6884) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
7ED1E72BB5822F00
(PID) Process:(6884) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
(PID) Process:(6884) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Operation:writeName:Enabled
Value:
0
(PID) Process:(6884) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles
Operation:writeName:EnhancedLinkOpeningDefault
Value:
Default
(PID) Process:(6884) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459322
Operation:writeName:WindowTabManagerFileMappingId
Value:
{31134DF0-430D-417D-9EE8-C113F6C9A2C3}
(PID) Process:(7088) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value:
0100000000000000DFF44EB9131BDB01
(PID) Process:(6884) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jnlp\OpenWithProgids
Operation:writeName:JNLPFile
Value:
(PID) Process:(6088) javaw.exeKey:HKEY_CURRENT_USER\SOFTWARE\JavaSoft\DeploymentProperties
Operation:writeName:deployment.modified.timestamp
Value:
1675955855080
(PID) Process:(6088) javaw.exeKey:HKEY_CURRENT_USER\SOFTWARE\JavaSoft\DeploymentProperties
Operation:writeName:deployment.roaming.profile
Value:
false
(PID) Process:(6088) javaw.exeKey:HKEY_CURRENT_USER\SOFTWARE\JavaSoft\DeploymentProperties
Operation:writeName:deployment.version
Value:
8
Executable files
36
Suspicious files
81
Text files
54
Unknown types
5

Dropped files

PID
Process
Filename
Type
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF8b4c2.TMP
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF8b4b2.TMP
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF8b4c2.TMP
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF8b53f.TMP
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF8b53f.TMP
MD5:
SHA256:
6884msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
53
TCP/UDP connections
94
DNS requests
43
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
104.79.89.142:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
81.255.53.40:80
http://kelio.restoria.fr/open/webstart/exploit.jnlp
unknown
unknown
4004
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2280
jucheck.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
6408
jp2launcher.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
unknown
whitelisted
6408
jp2launcher.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
unknown
whitelisted
6408
jp2launcher.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
unknown
whitelisted
6408
jp2launcher.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
184.86.251.31:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5488
MoUsoCoreWorker.exe
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
5488
MoUsoCoreWorker.exe
104.79.89.142:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6944
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
239.255.255.250:1900
whitelisted
192.168.100.255:138
whitelisted
816
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 184.86.251.31
  • 184.86.251.7
  • 184.86.251.9
  • 184.86.251.4
  • 184.86.251.29
  • 184.86.251.8
  • 184.86.251.5
  • 184.86.251.30
  • 184.86.251.28
  • 104.126.37.130
  • 104.126.37.171
  • 104.126.37.136
  • 104.126.37.179
  • 104.126.37.186
  • 104.126.37.123
  • 104.126.37.131
  • 104.126.37.184
  • 104.126.37.178
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
whitelisted
www.microsoft.com
  • 104.79.89.142
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
kelio.restoria.fr
  • 81.255.53.40
malicious
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 2.16.164.120
  • 2.16.164.83
whitelisted

Threats

PID
Process
Class
Message
6408
jp2launcher.exe
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
6408
jp2launcher.exe
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
7244
jp2launcher.exe
A Network Trojan was detected
ET HUNTING suspicious - uncompressed pack200-ed JAR
2 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://kelio.restoria.fr/open/webstart/exploit.jnlp