Overview
overview
7Static
static
1EzExploit.rar
windows10-2004-x64
3EzExploit/config.yml
windows10-2004-x64
3EzExploit/...rd.jar
windows10-2004-x64
7EzExploit/...rd.bat
windows10-2004-x64
7EzExploit/modules.yml
windows10-2004-x64
3EzExploit/...rt.jar
windows10-2004-x64
7EzExploit/...nd.jar
windows10-2004-x64
7EzExploit/...st.jar
windows10-2004-x64
7EzExploit/...nd.jar
windows10-2004-x64
7EzExploit/...er.jar
windows10-2004-x64
7EzExploit/...ml.jar
windows10-2004-x64
7EzExploit/plugin.yml
windows10-2004-x64
3EzExploit/...ix.jar
windows10-2004-x64
7EzExploit/...ro.jar
windows10-2004-x64
1bungee.yml
windows10-2004-x64
3jutting/Bu....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/li....class
windows10-2004-x64
3jutting/li....class
windows10-2004-x64
3jutting/li....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3Analysis
-
max time kernel
159s -
max time network
270s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system -
submitted
02/11/2023, 15:01
Static task
static1
Behavioral task
behavioral1
Sample
EzExploit.rar
Resource
win10v2004-20231020-en
Behavioral task
behavioral2
Sample
EzExploit/config.yml
Resource
win10v2004-20231025-en
Behavioral task
behavioral3
Sample
EzExploit/ezexploit_standard.jar
Resource
win10v2004-20231020-en
Behavioral task
behavioral4
Sample
EzExploit/launch-standard.bat
Resource
win10v2004-20231023-en
Behavioral task
behavioral5
Sample
EzExploit/modules.yml
Resource
win10v2004-20231020-en
Behavioral task
behavioral6
Sample
EzExploit/modules/cmd_alert.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral7
Sample
EzExploit/modules/cmd_find.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral8
Sample
EzExploit/modules/cmd_list.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
EzExploit/modules/cmd_send.jar
Resource
win10v2004-20231020-en
Behavioral task
behavioral10
Sample
EzExploit/modules/cmd_server.jar
Resource
win10v2004-20231020-en
Behavioral task
behavioral11
Sample
EzExploit/modules/reconnect_yaml.jar
Resource
win10v2004-20231025-en
Behavioral task
behavioral12
Sample
EzExploit/plugin.yml
Resource
win10v2004-20231020-en
Behavioral task
behavioral13
Sample
EzExploit/plugins/RconFix.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral14
Sample
EzExploit/plugins/VdsPro.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral15
Sample
bungee.yml
Resource
win10v2004-20231023-en
Behavioral task
behavioral16
Sample
jutting/BungeeHack.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral17
Sample
jutting/commands/ConnectCommand.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral18
Sample
jutting/commands/IPCommand.class
Resource
win10v2004-20231025-en
Behavioral task
behavioral19
Sample
jutting/commands/InfoCommand.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral20
Sample
jutting/commands/NameCommand.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral21
Sample
jutting/commands/UUIDCommand.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral22
Sample
jutting/listener/LoginListener.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral23
Sample
jutting/listener/PreLoginListener.class
Resource
win10v2004-20231025-en
Behavioral task
behavioral24
Sample
jutting/listener/ServerConnectListener.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral25
Sample
org/json/simple/ItemList.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral26
Sample
org/json/simple/JSONArray.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral27
Sample
org/json/simple/JSONAware.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral28
Sample
org/json/simple/JSONObject.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral29
Sample
org/json/simple/JSONStreamAware.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral30
Sample
org/json/simple/JSONValue.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral31
Sample
org/json/simple/parser/ContainerFactory.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral32
Sample
org/json/simple/parser/ContentHandler.class
Resource
win10v2004-20231023-en
General
-
Target
EzExploit/modules/reconnect_yaml.jar
-
Size
6KB
-
MD5
d1fde0d321918adc22002d9072ef23ca
-
SHA1
efd66687ec71fa74dd1e6bf438615214abb5fee9
-
SHA256
23147bfa63e2ac2add7c57480ab579f6a3d3b6091d480e712b610b1b9b79a4e4
-
SHA512
ba876f61d6484db3d441bd7004d03a5d6afa97085fd46d8684d6ba6648af083a4d6300a77f8e16dff754c63158f7be8ee9de81443ae06cb1259c3aed611fca85
-
SSDEEP
96:f6HZWp6AqfLNhLLO2cE/BZtit/violx5gSvnG0/KAuKNzLYsyusW4s7NqfyaDW:f650uzNhs4titiolB/GXALWsJsVM8PDW
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid Process 4268 icacls.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 2924 wrote to memory of 4268 2924 java.exe 88 PID 2924 wrote to memory of 4268 2924 java.exe 88
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\EzExploit\modules\reconnect_yaml.jar1⤵
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
PID:4268
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46B
MD50f13b41a35049645eb395de3cacdff79
SHA1995586848dd801ebcb4f179d37e22dbdeffa7748
SHA25663586727f70a421bd51af33a0a16bef138f22c4b7615c59d5195f95dda47c6e1
SHA5120080ced2d151c7e5f01bbb269f46207afaac4aa486e32111c75519f84348eeb2d12a2cbe0a959d9e7ebdf1ab3e1d7d9aadb2af4b91048db97daab3cb67f2c252