d36dd28faf7bfa142cc48ad20e6c32dca9846fb0f912242fc3f5e570ca847eae

Submit
Reports

Overview

overview

Static

static

sitepress-...es.ps1

windows7_x64

sitepress-...es.ps1

windows10-2004_x64

sitepress-...ion.js

windows7_x64

sitepress-...ion.js

windows10-2004_x64

sitepress-...er.ps1

windows7_x64

sitepress-...er.ps1

windows10-2004_x64

sitepress-...ot.ps1

windows7_x64

sitepress-...ot.ps1

windows10-2004_x64

sitepress-...als.js

windows7_x64

sitepress-...als.js

windows10-2004_x64

sitepress-...te.ps1

windows7_x64

sitepress-...te.ps1

windows10-2004_x64

sitepress-...tly.js

windows7_x64

sitepress-...tly.js

windows10-2004_x64

sitepress-...on.ps1

windows7_x64

sitepress-...on.ps1

windows10-2004_x64

sitepress-...es.ps1

windows7_x64

sitepress-...es.ps1

windows10-2004_x64

sitepress-...on.ps1

windows7_x64

sitepress-...on.ps1

windows10-2004_x64

sitepress-...ds.ps1

windows7_x64

sitepress-...ds.ps1

windows10-2004_x64

sitepress-...es.ps1

windows7_x64

sitepress-...es.ps1

windows10-2004_x64

sitepress-...ion.js

windows7_x64

sitepress-...ion.js

windows10-2004_x64

sitepress-...age.js

windows7_x64

sitepress-...age.js

windows10-2004_x64

sitepress-...ion.js

windows7_x64

sitepress-...ion.js

windows10-2004_x64

sitepress-...tup.js

windows7_x64

sitepress-...tup.js

windows10-2004_x64

Analysis

max time kernel
39s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 19:18

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

sitepress-multilingual-cms/class.plugin-modules.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sitepress-multilingual-cms/class.plugin-modules.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

sitepress-multilingual-cms/classes/API/REST/class-wpml-rest-arguments-validation.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

sitepress-multilingual-cms/classes/API/REST/class-wpml-rest-arguments-validation.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

sitepress-multilingual-cms/classes/action-filter-loader/class-wpml-action-filter-loader.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

sitepress-multilingual-cms/classes/action-filter-loader/class-wpml-action-filter-loader.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

sitepress-multilingual-cms/classes/admin-menu/class-wpml-admin-menu-root.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

sitepress-multilingual-cms/classes/admin-menu/class-wpml-admin-menu-root.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

sitepress-multilingual-cms/classes/canonicals/class-wpml-canonicals.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

sitepress-multilingual-cms/classes/canonicals/class-wpml-canonicals.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

sitepress-multilingual-cms/classes/class-wpml-config-update.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

sitepress-multilingual-cms/classes/class-wpml-config-update.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

sitepress-multilingual-cms/classes/class-wpml-translate-independently.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

sitepress-multilingual-cms/classes/class-wpml-translate-independently.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

sitepress-multilingual-cms/classes/compatibility/wpseo/class-wpml-wpseo-redirection.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

sitepress-multilingual-cms/classes/compatibility/wpseo/class-wpml-wpseo-redirection.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

sitepress-multilingual-cms/classes/container/class.plugin-modules.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

sitepress-multilingual-cms/classes/container/class.plugin-modules.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

sitepress-multilingual-cms/classes/core-abstract-classes/class-wpml-element-translation.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

sitepress-multilingual-cms/classes/core-abstract-classes/class-wpml-element-translation.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

sitepress-multilingual-cms/classes/custom-field-translation/class-wpml-translate-link-targets-in-custom-fields.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

sitepress-multilingual-cms/classes/custom-field-translation/class-wpml-translate-link-targets-in-custom-fields.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

sitepress-multilingual-cms/classes/display-as-translated/class-wpml-display-as-translated-default-lang-messages.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

sitepress-multilingual-cms/classes/display-as-translated/class-wpml-display-as-translated-default-lang-messages.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

sitepress-multilingual-cms/classes/end-user/confirmation/class-wpml-end-user-registration-confirmation.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

sitepress-multilingual-cms/classes/end-user/confirmation/class-wpml-end-user-registration-confirmation.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

sitepress-multilingual-cms/classes/media/class-wpml-set-attachments-language.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

sitepress-multilingual-cms/classes/media/class-wpml-set-attachments-language.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

sitepress-multilingual-cms/classes/media/duplication/class-wpml-media-attachments-duplication.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

sitepress-multilingual-cms/classes/media/duplication/class-wpml-media-attachments-duplication.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

sitepress-multilingual-cms/classes/menu-elements/class-wpml-admin-scripts-setup.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

sitepress-multilingual-cms/classes/menu-elements/class-wpml-admin-scripts-setup.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

sitepress-multilingual-cms/class.plugin-modules.ps1
Size

33KB
MD5

b2e98238fabfe4160c3bb613b2303a89
SHA1

3f45ae4b554214c390ece0d1609516325538bffe
SHA256

27995818a8fb4463deb9c9ac0a69180a8d31f4a6286781e84926508ad2191233
SHA512

fc5fef904c77df442347a475a66202afdf48ba99ced6c9fae6c60f23bc66a67bab83e6b0ebd20503bd10ca2166303e1e92e72d4303a9d9802fed84a4828e1f4d

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

908 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 908 powershell.exe

pid	process
908	powershell.exe

description	pid	process
Token: SeDebugPrivilege	908	powershell.exe

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sitepress-multilingual-cms\class.plugin-modules.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-54-0x000007FEFBA91000-0x000007FEFBA93000-memory.dmp

Filesize
8KB

Download
memory/908-56-0x000007FEF3E70000-0x000007FEF49CD000-memory.dmp

Filesize
11.4MB

Download
memory/908-57-0x00000000028B4000-0x00000000028B7000-memory.dmp

Filesize
12KB

Download
memory/908-58-0x00000000028BB000-0x00000000028DA000-memory.dmp

Filesize
124KB

Download