Overview

overview

7

Static

static

1

EzExploit.rar

windows10-2004-x64

3

EzExploit/config.yml

windows10-2004-x64

3

EzExploit/...rd.jar

windows10-2004-x64

7

EzExploit/...rd.bat

windows10-2004-x64

7

EzExploit/modules.yml

windows10-2004-x64

3

EzExploit/...rt.jar

windows10-2004-x64

7

EzExploit/...nd.jar

windows10-2004-x64

7

EzExploit/...st.jar

windows10-2004-x64

7

EzExploit/...nd.jar

windows10-2004-x64

7

EzExploit/...er.jar

windows10-2004-x64

7

EzExploit/...ml.jar

windows10-2004-x64

7

EzExploit/plugin.yml

windows10-2004-x64

3

EzExploit/...ix.jar

windows10-2004-x64

7

EzExploit/...ro.jar

windows10-2004-x64

1

bungee.yml

windows10-2004-x64

3

jutting/Bu....class

windows10-2004-x64

3

jutting/co....class

windows10-2004-x64

3

jutting/co....class

windows10-2004-x64

3

jutting/co....class

windows10-2004-x64

3

jutting/co....class

windows10-2004-x64

3

jutting/co....class

windows10-2004-x64

3

jutting/li....class

windows10-2004-x64

3

jutting/li....class

windows10-2004-x64

3

jutting/li....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

org/json/s....class

windows10-2004-x64

3

Resubmissions

02/11/2023, 15:01

231102-sdwxkafe89 7

02/11/2023, 14:58

231102-scexnade9x 7

Analysis

  • max time kernel
    159s
  • max time network
    270s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 15:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EzExploit/modules/reconnect_yaml.jar

  • Size

    6KB

  • MD5

    d1fde0d321918adc22002d9072ef23ca

  • SHA1

    efd66687ec71fa74dd1e6bf438615214abb5fee9

  • SHA256

    23147bfa63e2ac2add7c57480ab579f6a3d3b6091d480e712b610b1b9b79a4e4

  • SHA512

    ba876f61d6484db3d441bd7004d03a5d6afa97085fd46d8684d6ba6648af083a4d6300a77f8e16dff754c63158f7be8ee9de81443ae06cb1259c3aed611fca85

  • SSDEEP

    96:f6HZWp6AqfLNhLLO2cE/BZtit/violx5gSvnG0/KAuKNzLYsyusW4s7NqfyaDW:f650uzNhs4titiolB/GXALWsJsVM8PDW

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\EzExploit\modules\reconnect_yaml.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:4268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    0f13b41a35049645eb395de3cacdff79

    SHA1

    995586848dd801ebcb4f179d37e22dbdeffa7748

    SHA256

    63586727f70a421bd51af33a0a16bef138f22c4b7615c59d5195f95dda47c6e1

    SHA512

    0080ced2d151c7e5f01bbb269f46207afaac4aa486e32111c75519f84348eeb2d12a2cbe0a959d9e7ebdf1ab3e1d7d9aadb2af4b91048db97daab3cb67f2c252

    Download Submit

  • memory/2924-4-0x000001F9B2D70000-0x000001F9B3D70000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2924-12-0x000001F9B1510000-0x000001F9B1511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2924-13-0x000001F9B2D70000-0x000001F9B3D70000-memory.dmp

    Filesize

    16.0MB

    Download