Overview

overview

3

Static

static

3

56元1年_...��.url

windows7-x64

1

56元1年_...��.url

windows10-2004-x64

1

jetbra/ja-...er.jar

windows7-x64

1

jetbra/ja-...er.jar

windows10-2004-x64

1

jetbra/plu...ns.jar

windows7-x64

1

jetbra/plu...ns.jar

windows10-2004-x64

1

jetbra/plu...me.jar

windows7-x64

1

jetbra/plu...me.jar

windows10-2004-x64

1

jetbra/plu...er.jar

windows7-x64

1

jetbra/plu...er.jar

windows10-2004-x64

1

jetbra/plu...rl.jar

windows7-x64

1

jetbra/plu...rl.jar

windows10-2004-x64

1

jetbra/scr...rs.vbs

windows7-x64

1

jetbra/scr...rs.vbs

windows10-2004-x64

3

jetbra/scr...er.vbs

windows7-x64

1

jetbra/scr...er.vbs

windows10-2004-x64

1

jetbra/scr...all.sh

ubuntu-18.04-amd64

3

jetbra/scr...all.sh

debian-9-armhf

3

jetbra/scr...all.sh

debian-9-mips

1

jetbra/scr...all.sh

debian-9-mipsel

3

jetbra/scr...rs.vbs

windows7-x64

3

jetbra/scr...rs.vbs

windows10-2004-x64

3

jetbra/scr...er.vbs

windows7-x64

1

jetbra/scr...er.vbs

windows10-2004-x64

1

jetbra/scr...all.sh

ubuntu-18.04-amd64

3

jetbra/scr...all.sh

debian-9-armhf

3

jetbra/scr...all.sh

debian-9-mips

3

jetbra/scr...all.sh

debian-9-mipsel

3

使用说�...��.pdf

windows7-x64

1

使用说�...��.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2023 05:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jetbra/scripts/install-all-users.vbs

  • Size

    2KB

  • MD5

    7bd1e1b7aa11ad5a13a6ec23b8afb549

  • SHA1

    46194b9c7ac66a5446afbcf172ffd7743b53da44

  • SHA256

    26a6ab6fa87ade5e2384bd539bcd8f01e9400b3ab636de9843c92b8099c96493

  • SHA512

    230868a57888e897886efb11c32d6c8c79f9ae1bbca4637a4d78d8ad148348bfceff9b7e41106c5281d550d27ed5158ad9faf0cd2df75d7085277bae08061e5c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\jetbra\scripts\install-all-users.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\jetbra\scripts\install-all-users.vbs" /elevate
      2⤵
        PID:2696

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\jetbra\vmoptions\pycharm.vmoptions
      Filesize

      714B

      MD5

      98cc20e62efc61ccb1eb9da726960f84

      SHA1

      49f991ac391fd30f557a9e952ba550697049f039

      SHA256

      3e6aec999c8fbb27c5eefa8617b003115ff1f8e417d0ff3532a62fcdb29e2b22

      SHA512

      6b103c107f690ad9ffef3925c4d059830bac30c696d7a928a63cb3eb8ff6c3d8a250c3bda97c2c78b02dfc033153f2614d516ac5256613290c4d4b791c59158b

      Download Submit