Overview

overview

7

Static

static

3

EzExploit ....3.exe

windows10-2004-x64

7

EzExploit ...md.exe

windows10-2004-x64

7

EzExploit ...en.jar

windows10-2004-x64

7

EzExploit ...it.jar

windows10-2004-x64

7

EzExploit ...rt.jar

windows10-2004-x64

7

EzExploit ...nd.jar

windows10-2004-x64

7

EzExploit ...st.jar

windows10-2004-x64

7

EzExploit ...nd.jar

windows10-2004-x64

7

EzExploit ...er.jar

windows10-2004-x64

7

EzExploit ...ml.jar

windows10-2004-x64

7

EzExploit ...un.bat

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EzExploit B2.3/methods/ezexploit.jar

  • Size

    6.4MB

  • MD5

    e81ac070ad4c90af5901b51f0866bec3

  • SHA1

    1d79158b1ce76d0da6fa097c92978b36e54fadf0

  • SHA256

    6ca09bebb7bd32957b17f33ac1689eeb179defb2478305bd6e000f6cd7372c71

  • SHA512

    d5448e4ac5914d58524ca9b39ed7135847ce7174d4e67b3d1b8944bbdfbb49d9e48c4a692d9688bca6f9e042cbad0b3489db4d7ffbe3d4c8b411850e43b99e01

  • SSDEEP

    98304:WjetyytcOFt3EdB3KopbJkuUGIb6hO/gvW56or1GNkQAi2lK6YyJBM8nthb6:gg3EH3Pjku7J9EEN1AZK6vBM8nthb6

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\EzExploit B2.3\methods\ezexploit.jar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    8f276b41fb189d1be5a2e4819c41fcae

    SHA1

    f5a2679d7bc49da95c59a9818900431333991740

    SHA256

    e54da1530e8f4fa8b57cbf2d169988d0644e7882e7b1a03e74b26143d1e03407

    SHA512

    e3bd56203fdc33b71062f3ec744ce6e33371b91969503d1570c560cde06f6e444644d5dd112f1eb6e202abe633acc8d837b549ffdc643ffe52e8db254afe79ab

    Download Submit

  • memory/4700-5-0x000001D5942B0000-0x000001D5952B0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/4700-13-0x000001D594290000-0x000001D594291000-memory.dmp

    Filesize

    4KB

    Download