Overview
overview
7Static
static
1EzExploit.rar
windows10-2004-x64
3EzExploit/config.yml
windows10-2004-x64
3EzExploit/...rd.jar
windows10-2004-x64
7EzExploit/...rd.bat
windows10-2004-x64
7EzExploit/modules.yml
windows10-2004-x64
3EzExploit/...rt.jar
windows10-2004-x64
7EzExploit/...nd.jar
windows10-2004-x64
7EzExploit/...st.jar
windows10-2004-x64
7EzExploit/...nd.jar
windows10-2004-x64
7EzExploit/...er.jar
windows10-2004-x64
7EzExploit/...ml.jar
windows10-2004-x64
7EzExploit/plugin.yml
windows10-2004-x64
3EzExploit/...ix.jar
windows10-2004-x64
7EzExploit/...ro.jar
windows10-2004-x64
1bungee.yml
windows10-2004-x64
3jutting/Bu....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/co....class
windows10-2004-x64
3jutting/li....class
windows10-2004-x64
3jutting/li....class
windows10-2004-x64
3jutting/li....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3org/json/s....class
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
269s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
02/11/2023, 15:01
Static task
static1
Behavioral task
behavioral1
Sample
EzExploit.rar
Resource
win10v2004-20231020-en
Behavioral task
behavioral2
Sample
EzExploit/config.yml
Resource
win10v2004-20231025-en
Behavioral task
behavioral3
Sample
EzExploit/ezexploit_standard.jar
Resource
win10v2004-20231020-en
Behavioral task
behavioral4
Sample
EzExploit/launch-standard.bat
Resource
win10v2004-20231023-en
Behavioral task
behavioral5
Sample
EzExploit/modules.yml
Resource
win10v2004-20231020-en
Behavioral task
behavioral6
Sample
EzExploit/modules/cmd_alert.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral7
Sample
EzExploit/modules/cmd_find.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral8
Sample
EzExploit/modules/cmd_list.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
EzExploit/modules/cmd_send.jar
Resource
win10v2004-20231020-en
Behavioral task
behavioral10
Sample
EzExploit/modules/cmd_server.jar
Resource
win10v2004-20231020-en
Behavioral task
behavioral11
Sample
EzExploit/modules/reconnect_yaml.jar
Resource
win10v2004-20231025-en
Behavioral task
behavioral12
Sample
EzExploit/plugin.yml
Resource
win10v2004-20231020-en
Behavioral task
behavioral13
Sample
EzExploit/plugins/RconFix.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral14
Sample
EzExploit/plugins/VdsPro.jar
Resource
win10v2004-20231023-en
Behavioral task
behavioral15
Sample
bungee.yml
Resource
win10v2004-20231023-en
Behavioral task
behavioral16
Sample
jutting/BungeeHack.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral17
Sample
jutting/commands/ConnectCommand.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral18
Sample
jutting/commands/IPCommand.class
Resource
win10v2004-20231025-en
Behavioral task
behavioral19
Sample
jutting/commands/InfoCommand.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral20
Sample
jutting/commands/NameCommand.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral21
Sample
jutting/commands/UUIDCommand.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral22
Sample
jutting/listener/LoginListener.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral23
Sample
jutting/listener/PreLoginListener.class
Resource
win10v2004-20231025-en
Behavioral task
behavioral24
Sample
jutting/listener/ServerConnectListener.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral25
Sample
org/json/simple/ItemList.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral26
Sample
org/json/simple/JSONArray.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral27
Sample
org/json/simple/JSONAware.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral28
Sample
org/json/simple/JSONObject.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral29
Sample
org/json/simple/JSONStreamAware.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral30
Sample
org/json/simple/JSONValue.class
Resource
win10v2004-20231020-en
Behavioral task
behavioral31
Sample
org/json/simple/parser/ContainerFactory.class
Resource
win10v2004-20231023-en
Behavioral task
behavioral32
Sample
org/json/simple/parser/ContentHandler.class
Resource
win10v2004-20231023-en
General
-
Target
EzExploit/plugins/RconFix.jar
-
Size
2KB
-
MD5
bb0199fad177d12ac638d2da61f9a4df
-
SHA1
25ee0d14cdc31a214e31c042054c82cdd9ad5176
-
SHA256
87e3c42b1cdba0b17983ee04ed656d94ebc2101923f4ba4f6dd96dea83705751
-
SHA512
26aa5c1f5e1fb172bbd65fd0c91da8e321c982027c7f26a27f2ce7454d8bb9493fc103180e094bfb87e7295217d6dd57b8fbf0ce8df9f5428e6e80c8498e672b
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid Process 1304 icacls.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 684 wrote to memory of 1304 684 java.exe 92 PID 684 wrote to memory of 1304 684 java.exe 92
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\EzExploit\plugins\RconFix.jar1⤵
- Suspicious use of WriteProcessMemory
PID:684 -
C:\Windows\system32\icacls.exeC:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M2⤵
- Modifies file permissions
PID:1304
-