Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Fattura.jar
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
 |
|
|
C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hsperfdata_user\7456
|
data
|
dropped
|
||
|
C:\cmdlinestart.log
|
ASCII text, with CRLF line terminators, with escape sequences
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar"
-jar "C:\Users\user\Desktop\Fattura.jar"" >> C:\cmdlinestart.log 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Fattura.jar"
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://java.oracle.com/
|
unknown
|
||
|
http://null.oracle.com/
|
unknown
|
||
|
http://bugreport.sun.com/bugreport/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
8.tcp.eu.ngrok.io
|
3.124.154.255
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.124.154.255
|
8.tcp.eu.ngrok.io
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4DD9000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
trusted library allocation
|
page read and write
|
||
|
A0E8000
|
trusted library allocation
|
page read and write
|
||
|
4A64000
|
trusted library allocation
|
page read and write
|
||
|
16640000
|
heap
|
page read and write
|
||
|
4AD8000
|
trusted library allocation
|
page read and write
|
||
|
4A67000
|
trusted library allocation
|
page read and write
|
||
|
15DE0000
|
heap
|
page read and write
|
||
|
4B17000
|
trusted library allocation
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
4CC5000
|
trusted library allocation
|
page read and write
|
||
|
162CE000
|
unkown
|
page read and write
|
||
|
14E62000
|
heap
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
1623E000
|
unkown
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
4A29000
|
trusted library allocation
|
page read and write
|
||
|
4D9B000
|
trusted library allocation
|
page read and write
|
||
|
150E4000
|
heap
|
page read and write
|
||
|
4A53000
|
trusted library allocation
|
page read and write
|
||
|
15B10000
|
trusted library allocation
|
page read and write
|
||
|
87C000
|
stack
|
page read and write
|
||
|
9FFF000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
4DE6000
|
trusted library allocation
|
page read and write
|
||
|
157E5000
|
heap
|
page read and write
|
||
|
4AA7000
|
trusted library allocation
|
page read and write
|
||
|
15E2D000
|
stack
|
page read and write
|
||
|
15E30000
|
heap
|
page read and write
|
||
|
286B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DAB000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
4AC9000
|
trusted library allocation
|
page read and write
|
||
|
4ACF000
|
trusted library allocation
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
4A59000
|
trusted library allocation
|
page read and write
|
||
|
4DDE000
|
trusted library allocation
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
4AE7000
|
trusted library allocation
|
page read and write
|
||
|
1524B000
|
heap
|
page read and write
|
||
|
155D0000
|
heap
|
page read and write
|
||
|
15E40000
|
heap
|
page read and write
|
||
|
4B36000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
2D18000
|
heap
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A0F000
|
trusted library allocation
|
page read and write
|
||
|
4DA9000
|
trusted library allocation
|
page read and write
|
||
|
A33E000
|
trusted library allocation
|
page read and write
|
||
|
15392000
|
heap
|
page read and write
|
||
|
4DD7000
|
trusted library allocation
|
page read and write
|
||
|
150F2000
|
heap
|
page read and write
|
||
|
F8B000
|
heap
|
page read and write
|
||
|
1593C000
|
heap
|
page read and write
|
||
|
4B6B000
|
trusted library allocation
|
page read and write
|
||
|
4ADD000
|
trusted library allocation
|
page read and write
|
||
|
2C7D000
|
stack
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
1671A000
|
heap
|
page read and write
|
||
|
16600000
|
trusted library allocation
|
page read and write
|
||
|
14A00000
|
trusted library allocation
|
page read and write
|
||
|
4A22000
|
trusted library allocation
|
page read and write
|
||
|
4F28000
|
trusted library allocation
|
page read and write
|
||
|
160CD000
|
stack
|
page read and write
|
||
|
4CE1000
|
trusted library allocation
|
page read and write
|
||
|
4B26000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
E90000
|
unkown
|
page read and write
|
||
|
4CDE000
|
trusted library allocation
|
page read and write
|
||
|
4AE5000
|
trusted library allocation
|
page read and write
|
||
|
4B73000
|
trusted library allocation
|
page read and write
|
||
|
4A69000
|
trusted library allocation
|
page read and write
|
||
|
4A4F000
|
trusted library allocation
|
page read and write
|
||
|
153F3000
|
heap
|
page read and write
|
||
|
4B84000
|
trusted library allocation
|
page read and write
|
||
|
4ABA000
|
trusted library allocation
|
page read and write
|
||
|
4D99000
|
trusted library allocation
|
page read and write
|
||
|
4B12000
|
trusted library allocation
|
page read and write
|
||
|
4A55000
|
trusted library allocation
|
page read and write
|
||
|
153D2000
|
heap
|
page read and write
|
||
|
154AD000
|
unkown
|
page read and write
|
||
|
4A24000
|
trusted library allocation
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
14EEE000
|
unkown
|
page read and write
|
||
|
1521E000
|
unkown
|
page read and write
|
||
|
15104000
|
heap
|
page read and write
|
||
|
4DE4000
|
trusted library allocation
|
page read and write
|
||
|
4AB3000
|
trusted library allocation
|
page read and write
|
||
|
155D1000
|
heap
|
page read and write
|
||
|
4A34000
|
trusted library allocation
|
page read and write
|
||
|
92C000
|
stack
|
page read and write
|
||
|
4A2B000
|
trusted library allocation
|
page read and write
|
||
|
4A1C000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
A0FD000
|
trusted library allocation
|
page read and write
|
||
|
156D7000
|
heap
|
page read and write
|
||
|
4B7E000
|
trusted library allocation
|
page read and write
|
||
|
4AF6000
|
trusted library allocation
|
page read and write
|
||
|
285A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1553E000
|
unkown
|
page read and write
|
||
|
A03C000
|
trusted library allocation
|
page read and write
|
||
|
4F35000
|
trusted library allocation
|
page read and write
|
||
|
4CC7000
|
trusted library allocation
|
page read and write
|
||
|
4A6C000
|
trusted library allocation
|
page read and write
|
||
|
1560F000
|
heap
|
page read and write
|
||
|
4B15000
|
trusted library allocation
|
page read and write
|
||
|
4ACB000
|
trusted library allocation
|
page read and write
|
||
|
4AB5000
|
trusted library allocation
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
4A31000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
4B47000
|
trusted library allocation
|
page read and write
|
||
|
4A09000
|
trusted library allocation
|
page read and write
|
||
|
1611E000
|
unkown
|
page read and write
|
||
|
4A0C000
|
trusted library allocation
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
157DC000
|
heap
|
page read and write
|
||
|
4A48000
|
trusted library allocation
|
page read and write
|
||
|
4A5C000
|
trusted library allocation
|
page read and write
|
||
|
2822000
|
trusted library allocation
|
page execute and read and write
|
||
|
A0AE000
|
trusted library allocation
|
page read and write
|
||
|
4A37000
|
trusted library allocation
|
page read and write
|
||
|
4B66000
|
trusted library allocation
|
page read and write
|
||
|
15C9E000
|
unkown
|
page read and write
|
||
|
4A02000
|
trusted library allocation
|
page read and write
|
||
|
4ECF000
|
trusted library allocation
|
page read and write
|
||
|
4A3A000
|
trusted library allocation
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
4EC4000
|
trusted library allocation
|
page read and write
|
||
|
499D000
|
stack
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
153D7000
|
heap
|
page read and write
|
||
|
4B3A000
|
trusted library allocation
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
9FEA000
|
trusted library allocation
|
page read and write
|
||
|
28B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
151CD000
|
stack
|
page read and write
|
||
|
4B9D000
|
trusted library allocation
|
page read and write
|
||
|
9F50000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
153CD000
|
heap
|
page read and write
|
||
|
4CD7000
|
trusted library allocation
|
page read and write
|
||
|
4AB7000
|
trusted library allocation
|
page read and write
|
||
|
4A3F000
|
trusted library allocation
|
page read and write
|
||
|
4ABF000
|
trusted library allocation
|
page read and write
|
||
|
4CCD000
|
trusted library allocation
|
page read and write
|
||
|
103A000
|
heap
|
page read and write
|
||
|
4B23000
|
trusted library allocation
|
page read and write
|
||
|
4CCA000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
161ED000
|
stack
|
page read and write
|
||
|
4A17000
|
trusted library allocation
|
page read and write
|
||
|
4F4C000
|
trusted library allocation
|
page read and write
|
||
|
15270000
|
heap
|
page read and write
|
||
|
4AD5000
|
trusted library allocation
|
page read and write
|
||
|
166BF000
|
heap
|
page read and write
|
||
|
9FD8000
|
trusted library allocation
|
page read and write
|
||
|
150FC000
|
heap
|
page read and write
|
||
|
1627D000
|
stack
|
page read and write
|
||
|
4ADF000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
4B3D000
|
trusted library allocation
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
4A5E000
|
trusted library allocation
|
page read and write
|
||
|
4A43000
|
trusted library allocation
|
page read and write
|
||
|
4DB3000
|
trusted library allocation
|
page read and write
|
||
|
2862000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DA3000
|
trusted library allocation
|
page read and write
|
||
|
9FE6000
|
trusted library allocation
|
page read and write
|
||
|
1582A000
|
heap
|
page read and write
|
||
|
4A04000
|
trusted library allocation
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
1615D000
|
stack
|
page read and write
|
||
|
4C22000
|
trusted library allocation
|
page read and write
|
||
|
15040000
|
heap
|
page read and write
|
||
|
F9A000
|
heap
|
page read and write
|
||
|
4A1E000
|
trusted library allocation
|
page read and write
|
||
|
4B42000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
4A46000
|
trusted library allocation
|
page read and write
|
||
|
A001000
|
trusted library allocation
|
page read and write
|
||
|
15309000
|
heap
|
page read and write
|
||
|
14E9D000
|
stack
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
2D29000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
4A2E000
|
trusted library allocation
|
page read and write
|
||
|
4A6E000
|
trusted library allocation
|
page read and write
|
||
|
28C4000
|
trusted library allocation
|
page execute and read and write
|
||
|
49EE000
|
unkown
|
page read and write
|
||
|
4B68000
|
trusted library allocation
|
page read and write
|
||
|
4B33000
|
trusted library allocation
|
page read and write
|
||
|
15E44000
|
heap
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
F37000
|
heap
|
page read and write
|
||
|
4DAD000
|
trusted library allocation
|
page read and write
|
||
|
4A27000
|
trusted library allocation
|
page read and write
|
||
|
4B77000
|
trusted library allocation
|
page read and write
|
||
|
4F21000
|
trusted library allocation
|
page read and write
|
||
|
4AD1000
|
trusted library allocation
|
page read and write
|
||
|
4DEC000
|
trusted library allocation
|
page read and write
|
||
|
4B6E000
|
trusted library allocation
|
page read and write
|
||
|
15C4D000
|
stack
|
page read and write
|
||
|
15F40000
|
trusted library allocation
|
page read and write
|
||
|
4B64000
|
trusted library allocation
|
page read and write
|
||
|
2873000
|
trusted library allocation
|
page execute and read and write
|
||
|
A338000
|
trusted library allocation
|
page read and write
|
||
|
28BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BD9000
|
trusted library allocation
|
page read and write
|
||
|
4CC3000
|
trusted library allocation
|
page read and write
|
||
|
4A14000
|
trusted library allocation
|
page read and write
|
||
|
4AF4000
|
trusted library allocation
|
page read and write
|
||
|
16089000
|
unkown
|
page read and write
|
||
|
16440000
|
trusted library allocation
|
page read and write
|
||
|
4A07000
|
trusted library allocation
|
page read and write
|
||
|
4ABD000
|
trusted library allocation
|
page read and write
|
||
|
4F2D000
|
trusted library allocation
|
page read and write
|
||
|
4D9E000
|
trusted library allocation
|
page read and write
|
||
|
4A3D000
|
trusted library allocation
|
page read and write
|
||
|
4B7A000
|
trusted library allocation
|
page read and write
|
||
|
4A4D000
|
trusted library allocation
|
page read and write
|
||
|
4EBB000
|
trusted library allocation
|
page read and write
|
||
|
4CD9000
|
trusted library allocation
|
page read and write
|
||
|
4B08000
|
trusted library allocation
|
page read and write
|
||
|
15220000
|
heap
|
page read and write
|
||
|
161AE000
|
unkown
|
page read and write
|
||
|
1545D000
|
stack
|
page read and write
|
||
|
4A19000
|
trusted library allocation
|
page read and write
|
||
|
4B38000
|
trusted library allocation
|
page read and write
|
||
|
4A4B000
|
trusted library allocation
|
page read and write
|
||
|
4DDC000
|
trusted library allocation
|
page read and write
|
||
|
165F0000
|
trusted library allocation
|
page read and write
|
||
|
154ED000
|
stack
|
page read and write
|
||
|
4A74000
|
trusted library allocation
|
page read and write
|
||
|
D6E000
|
stack
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
4B7C000
|
trusted library allocation
|
page read and write
|
||
|
4B4A000
|
trusted library allocation
|
page read and write
|
||
|
4DA6000
|
trusted library allocation
|
page read and write
|
||
|
4CDB000
|
trusted library allocation
|
page read and write
|
||
|
4AC5000
|
trusted library allocation
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
16540000
|
trusted library allocation
|
page read and write
|
There are 234 hidden memdumps, click here to show them.