4a93b3a41c77cb9cbaf1500097e33c1456ff5fa52c4a507624f163a35afa4941

Analysis

max time kernel
150s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19/01/2025, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ezz.jar
Size

639KB
MD5

ba91eedd55543ec8b18ba8c9dd27886c
SHA1

4d3c0e05342791d000cd689fdc84650ba324ce85
SHA256

4a93b3a41c77cb9cbaf1500097e33c1456ff5fa52c4a507624f163a35afa4941
SHA512

204ada7e600fc7893bfd25be9c08bfa97c6ab5284c2c40e7af1f23a5963c48665bde9f24528bc0952ec6997396fc65fb955efc989a20388c3bfa29e5b9d43e38
SSDEEP

12288:w/3bQ3/J9zed94V74X+fg+/rRr+VZMNmfogeVuRrC3Au0290SMhDMJ:w/rQPjeT4VPfg+FaImfVwlAup9HMhDMJ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1737309324268.tmp"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	2.tcp.ngrok.io
229	2.tcp.ngrok.io
386	2.tcp.ngrok.io

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3984	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 4972	3984	java.exe	83
PID 3984 wrote to memory of 4972	3984	java.exe	83
PID 3984 wrote to memory of 4448	3984	java.exe	85
PID 3984 wrote to memory of 4448	3984	java.exe	85
PID 4448 wrote to memory of 1048	4448	cmd.exe	87
PID 4448 wrote to memory of 1048	4448	cmd.exe	87

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4972	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ezz.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1737309324268.tmp
  2⤵
  - Views/modifies file attributes
  PID:4972
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1737309324268.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1737309324268.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3984-2-0x000001A8E4960000-0x000001A8E4BD0000-memory.dmp

Filesize
2.4MB

Download
memory/3984-16-0x000001A8E4BD0000-0x000001A8E4BE0000-memory.dmp

Filesize
64KB

Download
memory/3984-17-0x000001A8E4BE0000-0x000001A8E4BF0000-memory.dmp

Filesize
64KB

Download
memory/3984-19-0x000001A8E4BF0000-0x000001A8E4C00000-memory.dmp

Filesize
64KB

Download
memory/3984-22-0x000001A8E4C00000-0x000001A8E4C10000-memory.dmp

Filesize
64KB

Download
memory/3984-23-0x000001A8E4C10000-0x000001A8E4C20000-memory.dmp

Filesize
64KB

Download
memory/3984-25-0x000001A8E4C20000-0x000001A8E4C30000-memory.dmp

Filesize
64KB

Download
memory/3984-27-0x000001A8E4C30000-0x000001A8E4C40000-memory.dmp

Filesize
64KB

Download
memory/3984-29-0x000001A8E4C40000-0x000001A8E4C50000-memory.dmp

Filesize
64KB

Download
memory/3984-31-0x000001A8E4C50000-0x000001A8E4C60000-memory.dmp

Filesize
64KB

Download
memory/3984-34-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-41-0x000001A8E4960000-0x000001A8E4BD0000-memory.dmp

Filesize
2.4MB

Download
memory/3984-44-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-51-0x000001A8E4BD0000-0x000001A8E4BE0000-memory.dmp

Filesize
64KB

Download
memory/3984-52-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-61-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-64-0x000001A8E4C60000-0x000001A8E4C70000-memory.dmp

Filesize
64KB

Download
memory/3984-63-0x000001A8E4BE0000-0x000001A8E4BF0000-memory.dmp

Filesize
64KB

Download
memory/3984-67-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-71-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-75-0x000001A8E4BF0000-0x000001A8E4C00000-memory.dmp

Filesize
64KB

Download
memory/3984-76-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-79-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-80-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-83-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-84-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-87-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-88-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-92-0x000001A8E4C00000-0x000001A8E4C10000-memory.dmp

Filesize
64KB

Download
memory/3984-101-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-105-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-109-0x000001A8E4C10000-0x000001A8E4C20000-memory.dmp

Filesize
64KB

Download
memory/3984-110-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-114-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-118-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-122-0x000001A8E4C20000-0x000001A8E4C30000-memory.dmp

Filesize
64KB

Download
memory/3984-139-0x000001A8E4C30000-0x000001A8E4C40000-memory.dmp

Filesize
64KB

Download
memory/3984-156-0x000001A8E4C40000-0x000001A8E4C50000-memory.dmp

Filesize
64KB

Download
memory/3984-168-0x000001A8E4C50000-0x000001A8E4C60000-memory.dmp

Filesize
64KB

Download
memory/3984-173-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-181-0x000001A8E30B0000-0x000001A8E30B1000-memory.dmp

Filesize
4KB

Download
memory/3984-201-0x000001A8E4C60000-0x000001A8E4C70000-memory.dmp

Filesize
64KB

Download
memory/3984-217-0x000001A8E4C70000-0x000001A8E4C80000-memory.dmp

Filesize
64KB

Download
memory/3984-326-0x000001A8E4C70000-0x000001A8E4C80000-memory.dmp

Filesize
64KB

Download
memory/3984-410-0x000001A8E4C80000-0x000001A8E4C90000-memory.dmp

Filesize
64KB

Download
memory/3984-418-0x000001A8E4C90000-0x000001A8E4CA0000-memory.dmp

Filesize
64KB

Download
memory/3984-423-0x000001A8E4CA0000-0x000001A8E4CB0000-memory.dmp

Filesize
64KB

Download
memory/3984-428-0x000001A8E4CB0000-0x000001A8E4CC0000-memory.dmp

Filesize
64KB

Download
memory/3984-458-0x000001A8E4CE0000-0x000001A8E4CF0000-memory.dmp

Filesize
64KB

Download
memory/3984-457-0x000001A8E4CC0000-0x000001A8E4CD0000-memory.dmp

Filesize
64KB

Download
memory/3984-473-0x000001A8E4CF0000-0x000001A8E4D00000-memory.dmp

Filesize
64KB

Download
memory/3984-480-0x000001A8E4C80000-0x000001A8E4C90000-memory.dmp

Filesize
64KB

Download
memory/3984-481-0x000001A8E4D00000-0x000001A8E4D10000-memory.dmp

Filesize
64KB

Download
memory/3984-490-0x000001A8E4D10000-0x000001A8E4D20000-memory.dmp

Filesize
64KB

Download
memory/3984-499-0x000001A8E4C90000-0x000001A8E4CA0000-memory.dmp

Filesize
64KB

Download
memory/3984-506-0x000001A8E4D20000-0x000001A8E4D30000-memory.dmp

Filesize
64KB

Download
memory/3984-505-0x000001A8E4CA0000-0x000001A8E4CB0000-memory.dmp

Filesize
64KB

Download
memory/3984-511-0x000001A8E4D30000-0x000001A8E4D40000-memory.dmp

Filesize
64KB

Download
memory/3984-510-0x000001A8E4CB0000-0x000001A8E4CC0000-memory.dmp

Filesize
64KB

Download
memory/3984-525-0x000001A8E4CC0000-0x000001A8E4CD0000-memory.dmp

Filesize
64KB

Download
memory/3984-526-0x000001A8E4D40000-0x000001A8E4D50000-memory.dmp

Filesize
64KB

Download
memory/3984-527-0x000001A8E4CE0000-0x000001A8E4CF0000-memory.dmp

Filesize
64KB

Download
memory/3984-528-0x000001A8E4D50000-0x000001A8E4D60000-memory.dmp

Filesize
64KB

Download
memory/3984-546-0x000001A8E4CF0000-0x000001A8E4D00000-memory.dmp

Filesize
64KB

Download
memory/3984-551-0x000001A8E4D00000-0x000001A8E4D10000-memory.dmp

Filesize
64KB

Download
memory/3984-552-0x000001A8E4D60000-0x000001A8E4D70000-memory.dmp

Filesize
64KB

Download
memory/3984-553-0x000001A8E4D10000-0x000001A8E4D20000-memory.dmp

Filesize
64KB

Download
memory/3984-554-0x000001A8E4D70000-0x000001A8E4D80000-memory.dmp

Filesize
64KB

Download
memory/3984-571-0x000001A8E4D20000-0x000001A8E4D30000-memory.dmp

Filesize
64KB

Download
memory/3984-580-0x000001A8E4D30000-0x000001A8E4D40000-memory.dmp

Filesize
64KB

Download
memory/3984-581-0x000001A8E4D80000-0x000001A8E4D90000-memory.dmp

Filesize
64KB

Download
memory/3984-591-0x000001A8E4D40000-0x000001A8E4D50000-memory.dmp

Filesize
64KB

Download
memory/3984-594-0x000001A8E4D90000-0x000001A8E4DA0000-memory.dmp

Filesize
64KB

Download
memory/3984-593-0x000001A8E4D50000-0x000001A8E4D60000-memory.dmp

Filesize
64KB

Download
memory/3984-609-0x000001A8E4DA0000-0x000001A8E4DB0000-memory.dmp

Filesize
64KB

Download
memory/3984-613-0x000001A8E4D60000-0x000001A8E4D70000-memory.dmp

Filesize
64KB

Download
memory/3984-618-0x000001A8E4D70000-0x000001A8E4D80000-memory.dmp

Filesize
64KB

Download
memory/3984-630-0x000001A8E4DB0000-0x000001A8E4DC0000-memory.dmp

Filesize
64KB

Download
memory/3984-647-0x000001A8E4D80000-0x000001A8E4D90000-memory.dmp

Filesize
64KB

Download
memory/3984-648-0x000001A8E4DC0000-0x000001A8E4DD0000-memory.dmp

Filesize
64KB

Download
memory/3984-665-0x000001A8E4D90000-0x000001A8E4DA0000-memory.dmp

Filesize
64KB

Download
memory/3984-666-0x000001A8E4DD0000-0x000001A8E4DE0000-memory.dmp

Filesize
64KB

Download
memory/3984-682-0x000001A8E4DA0000-0x000001A8E4DB0000-memory.dmp

Filesize
64KB

Download
memory/3984-694-0x000001A8E4DE0000-0x000001A8E4DF0000-memory.dmp

Filesize
64KB

Download
memory/3984-710-0x000001A8E4DB0000-0x000001A8E4DC0000-memory.dmp

Filesize
64KB

Download
memory/3984-727-0x000001A8E4DC0000-0x000001A8E4DD0000-memory.dmp

Filesize
64KB

Download
memory/3984-734-0x000001A8E4DD0000-0x000001A8E4DE0000-memory.dmp

Filesize
64KB

Download
memory/3984-745-0x000001A8E4DE0000-0x000001A8E4DF0000-memory.dmp

Filesize
64KB

Download
memory/3984-752-0x000001A8E4DF0000-0x000001A8E4E00000-memory.dmp

Filesize
64KB

Download
memory/3984-772-0x000001A8E4E00000-0x000001A8E4E10000-memory.dmp

Filesize
64KB

Download
memory/3984-778-0x000001A8E4E10000-0x000001A8E4E20000-memory.dmp

Filesize
64KB

Download
memory/3984-785-0x000001A8E4E20000-0x000001A8E4E30000-memory.dmp

Filesize
64KB

Download
memory/3984-797-0x000001A8E4E30000-0x000001A8E4E40000-memory.dmp

Filesize
64KB

Download
memory/3984-812-0x000001A8E4DF0000-0x000001A8E4E00000-memory.dmp

Filesize
64KB

Download
memory/3984-845-0x000001A8E4E00000-0x000001A8E4E10000-memory.dmp

Filesize
64KB

Download
memory/3984-856-0x000001A8E4E10000-0x000001A8E4E20000-memory.dmp

Filesize
64KB

Download
memory/3984-857-0x000001A8E4E40000-0x000001A8E4E50000-memory.dmp

Filesize
64KB

Download
memory/3984-866-0x000001A8E4E20000-0x000001A8E4E30000-memory.dmp

Filesize
64KB

Download
memory/3984-874-0x000001A8E4E30000-0x000001A8E4E40000-memory.dmp

Filesize
64KB

Download
memory/3984-908-0x000001A8E4E50000-0x000001A8E4E60000-memory.dmp

Filesize
64KB

Download
memory/3984-940-0x000001A8E4E40000-0x000001A8E4E50000-memory.dmp

Filesize
64KB

Download
memory/3984-948-0x000001A8E4E60000-0x000001A8E4E70000-memory.dmp

Filesize
64KB

Download
memory/3984-975-0x000001A8E4E70000-0x000001A8E4E80000-memory.dmp

Filesize
64KB

Download
memory/3984-979-0x000001A8E4E50000-0x000001A8E4E60000-memory.dmp

Filesize
64KB

Download
memory/3984-980-0x000001A8E4E80000-0x000001A8E4E90000-memory.dmp

Filesize
64KB

Download
memory/3984-1004-0x000001A8E4E90000-0x000001A8E4EA0000-memory.dmp

Filesize
64KB

Download
memory/3984-1014-0x000001A8E4E60000-0x000001A8E4E70000-memory.dmp

Filesize
64KB

Download
memory/3984-1041-0x000001A8E4E70000-0x000001A8E4E80000-memory.dmp

Filesize
64KB

Download
memory/3984-1042-0x000001A8E4EA0000-0x000001A8E4EB0000-memory.dmp

Filesize
64KB

Download
memory/3984-1052-0x000001A8E4E80000-0x000001A8E4E90000-memory.dmp

Filesize
64KB

Download
memory/3984-1078-0x000001A8E4EB0000-0x000001A8E4EC0000-memory.dmp

Filesize
64KB

Download
memory/3984-1087-0x000001A8E4EC0000-0x000001A8E4ED0000-memory.dmp

Filesize
64KB

Download
memory/3984-1098-0x000001A8E4ED0000-0x000001A8E4EE0000-memory.dmp

Filesize
64KB

Download
memory/3984-1099-0x000001A8E4EE0000-0x000001A8E4EF0000-memory.dmp

Filesize
64KB

Download
memory/3984-1102-0x000001A8E4EF0000-0x000001A8E4F00000-memory.dmp

Filesize
64KB

Download
memory/3984-1103-0x000001A8E4EA0000-0x000001A8E4EB0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads