Overview

Static (overall score 7)

Files extracted from the submission, each analysed on windows10-2004-x64. The leading number is the per-file score badge from the report; names that the report truncates are left as shown.

Score  File
1      EzExploit.rar
3      EzExploit/config.yml
3      EzExploit/...rd.jar
7      EzExploit/...rd.bat
7      EzExploit/modules.yml
3      EzExploit/...rt.jar
7      EzExploit/...nd.jar
7      EzExploit/...st.jar
7      EzExploit/...nd.jar
7      EzExploit/...er.jar
7      EzExploit/...ml.jar
7      EzExploit/plugin.yml
3      EzExploit/...ix.jar
7      EzExploit/...ro.jar
1      bungee.yml
3      jutting/Bu....class
3      jutting/co....class
3      jutting/co....class
3      jutting/co....class
3      jutting/co....class
3      jutting/co....class
3      jutting/li....class
3      jutting/li....class
3      jutting/li....class
3      org/json/s....class
3      org/json/s....class
3      org/json/s....class
3      org/json/s....class
3      org/json/s....class
3      org/json/s....class
3      org/json/s....class
3      org/json/s....class
Analysis (score 3)

max time kernel: 285s
max time network: 291s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/11/2023, 15:01
Static task
static1

Behavioral tasks (task: sample, resource image)
behavioral1: EzExploit.rar, win10v2004-20231020-en
behavioral2: EzExploit/config.yml, win10v2004-20231025-en
behavioral3: EzExploit/ezexploit_standard.jar, win10v2004-20231020-en
behavioral4: EzExploit/launch-standard.bat, win10v2004-20231023-en
behavioral5: EzExploit/modules.yml, win10v2004-20231020-en
behavioral6: EzExploit/modules/cmd_alert.jar, win10v2004-20231023-en
behavioral7: EzExploit/modules/cmd_find.jar, win10v2004-20231023-en
behavioral8: EzExploit/modules/cmd_list.jar, win10v2004-20231023-en
behavioral9: EzExploit/modules/cmd_send.jar, win10v2004-20231020-en
behavioral10: EzExploit/modules/cmd_server.jar, win10v2004-20231020-en
behavioral11: EzExploit/modules/reconnect_yaml.jar, win10v2004-20231025-en
behavioral12: EzExploit/plugin.yml, win10v2004-20231020-en
behavioral13: EzExploit/plugins/RconFix.jar, win10v2004-20231023-en
behavioral14: EzExploit/plugins/VdsPro.jar, win10v2004-20231023-en
behavioral15: bungee.yml, win10v2004-20231023-en
behavioral16: jutting/BungeeHack.class, win10v2004-20231020-en
behavioral17: jutting/commands/ConnectCommand.class, win10v2004-20231020-en
behavioral18: jutting/commands/IPCommand.class, win10v2004-20231025-en
behavioral19: jutting/commands/InfoCommand.class, win10v2004-20231023-en
behavioral20: jutting/commands/NameCommand.class, win10v2004-20231020-en
behavioral21: jutting/commands/UUIDCommand.class, win10v2004-20231023-en
behavioral22: jutting/listener/LoginListener.class, win10v2004-20231023-en
behavioral23: jutting/listener/PreLoginListener.class, win10v2004-20231025-en
behavioral24: jutting/listener/ServerConnectListener.class, win10v2004-20231023-en
behavioral25: org/json/simple/ItemList.class, win10v2004-20231020-en
behavioral26: org/json/simple/JSONArray.class, win10v2004-20231023-en
behavioral27: org/json/simple/JSONAware.class, win10v2004-20231020-en
behavioral28: org/json/simple/JSONObject.class, win10v2004-20231023-en
behavioral29: org/json/simple/JSONStreamAware.class, win10v2004-20231023-en
behavioral30: org/json/simple/JSONValue.class, win10v2004-20231020-en
behavioral31: org/json/simple/parser/ContainerFactory.class, win10v2004-20231023-en
behavioral32: org/json/simple/parser/ContentHandler.class, win10v2004-20231023-en
General

Target: EzExploit/modules/cmd_find.jar
Size: 4KB
MD5: 7b5e43fbeeadb29e464b83438b364b41
SHA1: 7f1ec5e5d4a1638b90bae3850c91c7172dbbd01f
SHA256: ce8061e18a7adda05365eb3fbc46dd8860725ee8d529b91c1362aabb24e6915d
SHA512: 6721f7bded1786edba9792456348fd94b3cb302ff784057a779dad7682491a3a842d5f05e60d0c3c2f3506d5066afd367159700309fec2e6fa280d83f478f71b
SSDEEP: 96:v6HXGuBMb/E2TWtwRx4/m/5KoE4TpZ06cB1O2uWD:v63G7bEkWtwRx//5tEYEia
Malware Config

Signatures

Modifies file permissions (1 TTP, 1 IoC)
  pid 952, process icacls.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description: PID 3284 wrote to memory of 952; pid 3284; process java.exe; procid_target 91
  description: PID 3284 wrote to memory of 952; pid 3284; process java.exe; procid_target 91
Processes

1. C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
   command line: java -jar C:\Users\Admin\AppData\Local\Temp\EzExploit\modules\cmd_find.jar
   PID 3284; signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\icacls.exe (child of PID 3284)
      command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      PID 952; signature: Modifies file permissions

Caveat for anyone reading these two signatures as sample behaviour: the icacls call is the Oracle JRE's own first-run housekeeping. The Java launcher creates C:\ProgramData\Oracle\Java\.oracle_jre_usage for its usage tracker and grants Everyone modify on that directory, so the same java.exe -> icacls.exe child appears whenever any jar is launched for the first time on a fresh Windows image. Both signatures on this task stem from that one child process (the WriteProcessMemory hits are java.exe writing into PID 952 while spawning it), so neither says anything about what cmd_find.jar itself does.
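As an added example (not part of this report and not code from the sample), the following Python turns the caveat above into triage logic over constructed process-creation events shaped like the report's process tree. It pairs each icacls.exe with its java.exe parent, parses the target path and the /grant argument, and separates the expected JRE usage-tracker grant from a broad write grant on any other path. The event list, the extra hypothetical icacls call against a system directory, and the verdict labels are assumptions made for the example.

```python
"""Triage java.exe -> icacls.exe chains from process-creation events.

Added example, not part of the sandbox report. The events below are
constructed to mirror the report's process tree, plus one hypothetical
icacls call that would actually deserve an analyst's attention.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample events (shape of the report's process tree, not real log output).
SAMPLE_EVENTS = [
    ProcEvent(3284, 4096, r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe",
              r"java -jar C:\Users\Admin\AppData\Local\Temp\EzExploit\modules\cmd_find.jar"),
    ProcEvent(952, 3284, r"C:\Windows\system32\icacls.exe",
              r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'),
    # Hypothetical (assumed for the example): a jar loosening ACLs on a system path.
    ProcEvent(4100, 3284, r"C:\Windows\system32\icacls.exe",
              r'C:\Windows\system32\icacls.exe C:\Windows\System32\drivers\etc /grant "everyone":(OI)(CI)F'),
]

# Directory the Oracle JRE usage tracker creates on first launch; the JRE itself
# issues the icacls grant on it, so this pairing is expected on a fresh image.
KNOWN_BENIGN_TARGETS = {r"c:\programdata\oracle\java\.oracle_jre_usage"}
BROAD_PRINCIPALS = {"everyone", "users", "authenticated users", "*s-1-1-0"}
WRITE_RIGHTS = {"F", "M", "W", "D"}          # icacls simple rights that permit modification
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}  # parenthesised groups that are not rights

TARGET_RE = re.compile(r'icacls(?:\.exe)?\s+"?([^"]+?)"?\s+/', re.IGNORECASE)
GRANT_RE = re.compile(r'/grant(?::r)?\s+"?([^\s:"]+)"?:(\S+)', re.IGNORECASE)


def parse_icacls(cmdline):
    """Return (target_path, principal, rights_set) from an icacls /grant command line, or None."""
    target = TARGET_RE.search(cmdline)
    grant = GRANT_RE.search(cmdline)
    if not target or not grant:
        return None
    spec = grant.group(2).upper()
    # Rights may be bare letters ("M") or parenthesised ("(F)"); inheritance flags are dropped.
    groups = {g for g in re.findall(r"\(([^)]*)\)", spec) if g not in INHERIT_FLAGS}
    bare = {r for r in re.sub(r"\([^)]*\)", "", spec).split(",") if r}
    return target.group(1).strip(), grant.group(1).lower(), groups | bare


def classify(event):
    """Verdict for a single icacls event."""
    parsed = parse_icacls(event.cmdline)
    if parsed is None:
        return "info-icacls-no-grant"
    target, principal, rights = parsed
    if target.lower().rstrip("\\") in KNOWN_BENIGN_TARGETS:
        return "benign-jre-usage-tracker"
    if principal in BROAD_PRINCIPALS and rights & WRITE_RIGHTS:
        return "suspicious-broad-write-grant"
    return "info-acl-change"


def triage(events):
    """Map each icacls.exe child of a java.exe process to a verdict, keyed by child PID."""
    by_pid = {e.pid: e for e in events}
    verdicts = {}
    for e in events:
        parent = by_pid.get(e.ppid)
        if (e.image.lower().endswith("\\icacls.exe") and parent
                and parent.image.lower().endswith("\\java.exe")):
            verdicts[e.pid] = classify(e)
    return verdicts


if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

The allow-list is deliberately a single exact path rather than a prefix match on C:\ProgramData\Oracle, so a jar that hid a grant one level up or down would still be flagged; extend KNOWN_BENIGN_TARGETS only with paths you have confirmed the JRE itself touches.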
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 46B
MD5: db9ebdd49795611578e76c643e37bda3
SHA1: a371a9ab199619d44ba11bf6c543cacaeb2ce3d7
SHA256: e2850ea2b920ff2872777e153d0b70a97e23e469360888257bfc7a5ef5a9c8c8
SHA512: f8f20322cf8b864137d79e853cb7db3e4de7a22a22e076b71473a16e1d874edc85ce299c3be9b174d16bd3a235cfb6e007414cd2ad881b8172c7330c73bc76eb