Overview

overview

7

Static

static

1

EzExploit/...rd.jar

windows7-x64

1

EzExploit/...rd.jar

windows10-2004-x64

7

EzExploit/...rd.bat

windows7-x64

1

EzExploit/...rd.bat

windows10-2004-x64

7

EzExploit/...rt.jar

windows7-x64

1

EzExploit/...rt.jar

windows10-2004-x64

7

EzExploit/...nd.jar

windows7-x64

1

EzExploit/...nd.jar

windows10-2004-x64

7

EzExploit/...st.jar

windows7-x64

1

EzExploit/...st.jar

windows10-2004-x64

7

EzExploit/...nd.jar

windows7-x64

1

EzExploit/...nd.jar

windows10-2004-x64

7

EzExploit/...er.jar

windows7-x64

1

EzExploit/...er.jar

windows10-2004-x64

7

EzExploit/...ml.jar

windows7-x64

1

EzExploit/...ml.jar

windows10-2004-x64

7

EzExploit/...ix.jar

windows7-x64

1

EzExploit/...ix.jar

windows10-2004-x64

7

Resubmissions

02/11/2023, 15:01

231102-sdwxkafe89 7

02/11/2023, 14:58

231102-scexnade9x 7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EzExploit/launch-standard.bat

  • Size

    45B

  • MD5

    94c75b944240c0176898696f27116665

  • SHA1

    a50fe41985615ab67d65f00cb51deef76715def9

  • SHA256

    874f32053f82fcc17168d294d239fedf256958cc9ca90176153a8eb62886b4be

  • SHA512

    e6f6c83870c228bcd6f42af05c0e7cc29c9b79095ccbbf63719d3b700191809e1d5741958c56d0d6f5e0adc5d9cc34f00d9f2a0c71516330fbe6f2aa32a70aa4

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\EzExploit\launch-standard.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:728
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
      java -jar ezexploit_standard.jar
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1916
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    c8713d76acdc120632e5e4260198c0a3

    SHA1

    13a5a6111ffac6dce7fe793aa957188c9f1856d5

    SHA256

    227953ecf18e545ca74d82ce1f3e2cb0fd1abd975bd060f866ade38d0fabaf6d

    SHA512

    001552b03cc6d0d7af86453629ab73309c34a0f30ceb5f08f640183046e70eb80cd65855d9db962a22e3900622f9f2d0652336197a54a9a51bd9515dc7608765

    Download Submit

  • memory/1916-4-0x000001E000000000-0x000001E001000000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1916-11-0x000001E070DA0000-0x000001E070DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1916-13-0x000001E000000000-0x000001E001000000-memory.dmp

    Filesize

    16.0MB

    Download