d36dd28faf7bfa142cc48ad20e6c32dca9846fb0f912242fc3f5e570ca847eae

Submit
Reports

Overview

overview

Static

static

sitepress-...es.ps1

windows7_x64

sitepress-...es.ps1

windows10-2004_x64

sitepress-...ion.js

windows7_x64

sitepress-...ion.js

windows10-2004_x64

sitepress-...er.ps1

windows7_x64

sitepress-...er.ps1

windows10-2004_x64

sitepress-...ot.ps1

windows7_x64

sitepress-...ot.ps1

windows10-2004_x64

sitepress-...als.js

windows7_x64

sitepress-...als.js

windows10-2004_x64

sitepress-...te.ps1

windows7_x64

sitepress-...te.ps1

windows10-2004_x64

sitepress-...tly.js

windows7_x64

sitepress-...tly.js

windows10-2004_x64

sitepress-...on.ps1

windows7_x64

sitepress-...on.ps1

windows10-2004_x64

sitepress-...es.ps1

windows7_x64

sitepress-...es.ps1

windows10-2004_x64

sitepress-...on.ps1

windows7_x64

sitepress-...on.ps1

windows10-2004_x64

sitepress-...ds.ps1

windows7_x64

sitepress-...ds.ps1

windows10-2004_x64

sitepress-...es.ps1

windows7_x64

sitepress-...es.ps1

windows10-2004_x64

sitepress-...ion.js

windows7_x64

sitepress-...ion.js

windows10-2004_x64

sitepress-...age.js

windows7_x64

sitepress-...age.js

windows10-2004_x64

sitepress-...ion.js

windows7_x64

sitepress-...ion.js

windows10-2004_x64

sitepress-...tup.js

windows7_x64

sitepress-...tup.js

windows10-2004_x64

Analysis

max time kernel
101s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
21-05-2022 19:18

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

sitepress-multilingual-cms/class.plugin-modules.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sitepress-multilingual-cms/class.plugin-modules.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

sitepress-multilingual-cms/classes/API/REST/class-wpml-rest-arguments-validation.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

sitepress-multilingual-cms/classes/API/REST/class-wpml-rest-arguments-validation.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

sitepress-multilingual-cms/classes/action-filter-loader/class-wpml-action-filter-loader.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

sitepress-multilingual-cms/classes/action-filter-loader/class-wpml-action-filter-loader.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

sitepress-multilingual-cms/classes/admin-menu/class-wpml-admin-menu-root.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

sitepress-multilingual-cms/classes/admin-menu/class-wpml-admin-menu-root.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

sitepress-multilingual-cms/classes/canonicals/class-wpml-canonicals.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

sitepress-multilingual-cms/classes/canonicals/class-wpml-canonicals.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

sitepress-multilingual-cms/classes/class-wpml-config-update.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

sitepress-multilingual-cms/classes/class-wpml-config-update.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

sitepress-multilingual-cms/classes/class-wpml-translate-independently.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

sitepress-multilingual-cms/classes/class-wpml-translate-independently.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

sitepress-multilingual-cms/classes/compatibility/wpseo/class-wpml-wpseo-redirection.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

sitepress-multilingual-cms/classes/compatibility/wpseo/class-wpml-wpseo-redirection.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

sitepress-multilingual-cms/classes/container/class.plugin-modules.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

sitepress-multilingual-cms/classes/container/class.plugin-modules.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

sitepress-multilingual-cms/classes/core-abstract-classes/class-wpml-element-translation.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

sitepress-multilingual-cms/classes/core-abstract-classes/class-wpml-element-translation.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

sitepress-multilingual-cms/classes/custom-field-translation/class-wpml-translate-link-targets-in-custom-fields.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

sitepress-multilingual-cms/classes/custom-field-translation/class-wpml-translate-link-targets-in-custom-fields.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

sitepress-multilingual-cms/classes/display-as-translated/class-wpml-display-as-translated-default-lang-messages.ps1

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

sitepress-multilingual-cms/classes/display-as-translated/class-wpml-display-as-translated-default-lang-messages.ps1

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

sitepress-multilingual-cms/classes/end-user/confirmation/class-wpml-end-user-registration-confirmation.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

sitepress-multilingual-cms/classes/end-user/confirmation/class-wpml-end-user-registration-confirmation.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

sitepress-multilingual-cms/classes/media/class-wpml-set-attachments-language.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

sitepress-multilingual-cms/classes/media/class-wpml-set-attachments-language.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

sitepress-multilingual-cms/classes/media/duplication/class-wpml-media-attachments-duplication.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

sitepress-multilingual-cms/classes/media/duplication/class-wpml-media-attachments-duplication.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

sitepress-multilingual-cms/classes/menu-elements/class-wpml-admin-scripts-setup.js

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

sitepress-multilingual-cms/classes/menu-elements/class-wpml-admin-scripts-setup.js

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

sitepress-multilingual-cms/classes/action-filter-loader/class-wpml-action-filter-loader.ps1
Size

3KB
MD5

df9c2568d1946d3a2ae75047d80c09ae
SHA1

380273055a2e4ff8b82e9e17ddaca4b41e303937
SHA256

93f5a100f55e52e10f31dfa8a47105fa8e1db5e704dc99b5a89235ba7a0f8690
SHA512

b17feb11c6c7ec4b9304213797a2e219fd114130ea9990af51964ce1ed2b23b8c1c5077e75b200085661607a776a0cd1914144e0c4090814ebcd8d3d8b2fd026

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

1744 powershell.exe
1744 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1744 powershell.exe

pid	process
1744	powershell.exe
1744	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1744	powershell.exe

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sitepress-multilingual-cms\classes\action-filter-loader\class-wpml-action-filter-loader.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-130-0x0000022B5F8A0000-0x0000022B5F8C2000-memory.dmp

Filesize
136KB

Download
memory/1744-131-0x00007FFC628A0000-0x00007FFC63361000-memory.dmp

Filesize
10.8MB

Download