Overview
Score  Task                    Platform
7      Static                  static
1      EzExploit/...rd.jar     windows7-x64
1      EzExploit/...rd.jar     windows10-2004-x64
7      EzExploit/...rd.bat     windows7-x64
1      EzExploit/...rd.bat     windows10-2004-x64
7      EzExploit/...rt.jar     windows7-x64
1      EzExploit/...rt.jar     windows10-2004-x64
7      EzExploit/...nd.jar     windows7-x64
1      EzExploit/...nd.jar     windows10-2004-x64
7      EzExploit/...st.jar     windows7-x64
1      EzExploit/...st.jar     windows10-2004-x64
7      EzExploit/...nd.jar     windows7-x64
1      EzExploit/...nd.jar     windows10-2004-x64
7      EzExploit/...er.jar     windows7-x64
1      EzExploit/...er.jar     windows10-2004-x64
7      EzExploit/...ml.jar     windows7-x64
1      EzExploit/...ml.jar     windows10-2004-x64
7      EzExploit/...ix.jar     windows7-x64
1      EzExploit/...ix.jar     windows10-2004-x64
Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/11/2023, 14:58
Task type        Task          Sample                                Resource
Static task      static1       -                                     -
Behavioral task  behavioral1   EzExploit/ezexploit_standard.jar      win7-20231020-en
Behavioral task  behavioral2   EzExploit/ezexploit_standard.jar      win10v2004-20231023-en
Behavioral task  behavioral3   EzExploit/launch-standard.bat         win7-20231020-en
Behavioral task  behavioral4   EzExploit/launch-standard.bat         win10v2004-20231023-en
Behavioral task  behavioral5   EzExploit/modules/cmd_alert.jar       win7-20231023-en
Behavioral task  behavioral6   EzExploit/modules/cmd_alert.jar       win10v2004-20231023-en
Behavioral task  behavioral7   EzExploit/modules/cmd_find.jar        win7-20231020-en
Behavioral task  behavioral8   EzExploit/modules/cmd_find.jar        win10v2004-20231020-en
Behavioral task  behavioral9   EzExploit/modules/cmd_list.jar        win7-20231023-en
Behavioral task  behavioral10  EzExploit/modules/cmd_list.jar        win10v2004-20231023-en
Behavioral task  behavioral11  EzExploit/modules/cmd_send.jar        win7-20231023-en
Behavioral task  behavioral12  EzExploit/modules/cmd_send.jar        win10v2004-20231023-en
Behavioral task  behavioral13  EzExploit/modules/cmd_server.jar      win7-20231025-en
Behavioral task  behavioral14  EzExploit/modules/cmd_server.jar      win10v2004-20231023-en
Behavioral task  behavioral15  EzExploit/modules/reconnect_yaml.jar  win7-20231020-en
Behavioral task  behavioral16  EzExploit/modules/reconnect_yaml.jar  win10v2004-20231020-en
Behavioral task  behavioral17  EzExploit/plugins/RconFix.jar         win7-20231020-en
Behavioral task  behavioral18  EzExploit/plugins/RconFix.jar         win10v2004-20231023-en
General
Target: EzExploit/launch-standard.bat
Size: 45B
MD5: 94c75b944240c0176898696f27116665
SHA1: a50fe41985615ab67d65f00cb51deef76715def9
SHA256: 874f32053f82fcc17168d294d239fedf256958cc9ca90176153a8eb62886b4be
SHA512: e6f6c83870c228bcd6f42af05c0e7cc29c9b79095ccbbf63719d3b700191809e1d5741958c56d0d6f5e0adc5d9cc34f00d9f2a0c71516330fbe6f2aa32a70aa4
Malware Config
Signatures
Modifies file permissions (1 TTPs, 1 IoCs)
  pid   Process
  3236  icacls.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process   procid_target
  PID 728 wrote to memory of 1916   728   cmd.exe   87
  PID 728 wrote to memory of 1916   728   cmd.exe   87
  PID 1916 wrote to memory of 3236  1916  java.exe  88
  PID 1916 wrote to memory of 3236  1916  java.exe  88
Processes
Depth 1: C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\EzExploit\launch-standard.bat"
  PID: 728
  Signatures: Suspicious use of WriteProcessMemory
  Depth 2: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    Command line: java -jar ezexploit_standard.jar
    PID: 1916
    Signatures: Suspicious use of WriteProcessMemory
    Depth 3: C:\Windows\system32\icacls.exe
      Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      PID: 3236
      Signatures: Modifies file permissions
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 46B
MD5: c8713d76acdc120632e5e4260198c0a3
SHA1: 13a5a6111ffac6dce7fe793aa957188c9f1856d5
SHA256: 227953ecf18e545ca74d82ce1f3e2cb0fd1abd975bd060f866ade38d0fabaf6d
SHA512: 001552b03cc6d0d7af86453629ab73309c34a0f30ceb5f08f640183046e70eb80cd65855d9db962a22e3900622f9f2d0652336197a54a9a51bd9515dc7608765