| Source: Fattura (4).jar |
ReversingLabs: Detection: 31% |
| Source: Submited Sample |
Integrated Neural Analysis Model: Matched 88.7% probability |
| Source: global traffic |
TCP traffic: 192.168.2.7:49726 -> 116.203.56.216:33381 |
| Source: Network traffic |
Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.7:49818 |
| Source: Network traffic |
Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.7:50065 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: global traffic |
DNS traffic detected: DNS query: de4.localto.net |
| Source: java.exe, 00000002.00000002.2568115869.00000000097F7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://bugreport.sun.com/bugreport/ |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2570107892.0000000015119000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2570107892.0000000015119000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2570107892.0000000015119000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
| Source: java.exe, 00000002.00000002.2568115869.0000000009750000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://java.oracle.com/ |
| Source: java.exe, 00000002.00000002.2569806424.0000000014BEB000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.2570107892.0000000015180000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.0000000009A10000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.1402843770.0000000014C14000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://null.oracle.com/ |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2570107892.0000000015119000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
| Source: java.exe, 00000002.00000002.2568115869.0000000009916000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2568115869.000000000984F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0X |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0211F5EB |
2_2_0211F5EB |
| Source: classification engine |
Classification label: mal60.winJAR@7/3@1/1 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Mutant created: NULL |
| Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3800:120:WilError_03 |
| Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1396:120:WilError_03 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
File created: C:\Users\user~1\AppData\Local\Temp\hsperfdata_user |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: Fattura (4).jar |
ReversingLabs: Detection: 31% |
| Source: java.exe |
String found in binary or memory: 0$h`[Lsun/launcher/LauncherHelper; |
| Source: java.exe |
String found in binary or memory: sun/launcher/ |
| Source: java.exe |
String found in binary or memory: $sun/launcher/LauncherHelper$StdArg |
| Source: java.exe |
String found in binary or memory: Hsun/launcher/LauncherHelper$SizePrefix |
| Source: java.exe |
String found in binary or memory: Bsun/launcher/LauncherHelper$ResourceBundleHolder& |
| Source: java.exe |
String found in binary or memory: JLjava/lang/Enum<Lsun/launcher/LauncherHelper;>; |
| Source: java.exe |
String found in binary or memory: Lsun/launcher/LauncherHelper; |
| Source: java.exe |
String found in binary or memory: Q()[Lsun/launcher/LauncherHelper;' |
| Source: java.exe |
String found in binary or memory: (Ljava/lang/String;)Lsun/launcher/LauncherHelper; |
| Source: java.exe |
String found in binary or memory: hq(Ljava/util/List<Lsun/launcher/LauncherHelper$StdArg;>;)[Ljava/lang/String; |
| Source: java.exe |
String found in binary or memory: .in-addr.arpa |
| Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Fattura (4).jar"" >> C:\cmdlinestart.log 2>&1 |
|
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Fattura (4).jar" |
|
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M |
|
| Source: C:\Windows\SysWOW64\icacls.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Fattura (4).jar" |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M |
Jump to behavior |
| Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: wsock32.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: winmm.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\icacls.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_3_151D27E2 push eax; ret |
2_3_151D27E9 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_3_151D27E2 push eax; ret |
2_3_151D27E9 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02123292 push es; retn 0005h |
2_2_02123297 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_02123318 push es; retf |
2_2_02123323 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_021217BE push cs; iretd |
2_2_021217BF |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207D8F7 push 00000000h; mov dword ptr [esp], esp |
2_2_0207D921 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207A20A push ecx; ret |
2_2_0207A21A |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207A21B push ecx; ret |
2_2_0207A225 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207BB67 push 00000000h; mov dword ptr [esp], esp |
2_2_0207BB8D |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207B3B7 push 00000000h; mov dword ptr [esp], esp |
2_2_0207B3DD |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207D8E0 push 00000000h; mov dword ptr [esp], esp |
2_2_0207D921 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207B947 push 00000000h; mov dword ptr [esp], esp |
2_2_0207B96D |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_0207C477 push 00000000h; mov dword ptr [esp], esp |
2_2_0207C49D |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M |
| Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
| Source: java.exe, 00000002.00000003.1341647834.0000000014665000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK |
| Source: java.exe, 00000002.00000003.1341647834.0000000014665000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK |
| Source: java.exe, 00000002.00000002.2561531756.00000000006AB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: [Ljava/lang/VirtualMachineError; |
| Source: java.exe, 00000002.00000002.2561531756.00000000006AB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllgJ- |
| Source: java.exe, 00000002.00000003.1341647834.0000000014665000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: org/omg/CORBA/OMGVMCID.classPK |
| Source: java.exe, 00000002.00000002.2561531756.00000000006AB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: cjava/lang/VirtualMachineError |
| Source: java.exe, 00000002.00000003.1341647834.0000000014665000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: java/lang/VirtualMachineError.classPK |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_021192F8 LdrInitializeThunk,LdrInitializeThunk, |
2_2_021192F8 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Memory protected: page read and write | page guard |
Jump to behavior |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user~1\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Fattura (4).jar" |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Code function: 2_2_020703C0 cpuid |
2_2_020703C0 |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\4236 VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformation |
Jump to behavior |
| Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformation |
Jump to behavior |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet