d8ac08dace524b4741c09aaac60814b0a4039268758a6149ff127ec0bd7053f7

Submit
Reports

Overview

overview

Static

static

all-in-one...in.ps1

windows7-x64

all-in-one...in.ps1

windows10-2004-x64

all-in-one...ess.js

windows7-x64

all-in-one...ess.js

windows10-2004-x64

all-in-one...es.ps1

windows7-x64

all-in-one...es.ps1

windows10-2004-x64

all-in-one...iew.js

windows7-x64

all-in-one...iew.js

windows10-2004-x64

all-in-one...age.js

windows7-x64

all-in-one...age.js

windows10-2004-x64

all-in-one...ps.ps1

windows7-x64

all-in-one...ps.ps1

windows10-2004-x64

all-in-one...ard.js

windows7-x64

all-in-one...ard.js

windows10-2004-x64

all-in-one...bs.ps1

windows7-x64

all-in-one...bs.ps1

windows10-2004-x64

all-in-one...er.ps1

windows7-x64

all-in-one...er.ps1

windows10-2004-x64

all-in-one...rs.ps1

windows7-x64

all-in-one...rs.ps1

windows10-2004-x64

all-in-one...eta.js

windows7-x64

all-in-one...eta.js

windows10-2004-x64

all-in-one...ta.ps1

windows7-x64

all-in-one...ta.ps1

windows10-2004-x64

all-in-one...ta.ps1

windows7-x64

all-in-one...ta.ps1

windows10-2004-x64

all-in-one...es.ps1

windows7-x64

all-in-one...es.ps1

windows10-2004-x64

all-in-one...rs.ps1

windows7-x64

all-in-one...rs.ps1

windows10-2004-x64

all-in-one...eta.js

windows7-x64

all-in-one...eta.js

windows10-2004-x64

Analysis

max time kernel
87s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2022 09:32

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Admin.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Admin.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/DeprecatedWordPress.js

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/DeprecatedWordPress.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Notices.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Notices.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Review.js

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Review.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Usage.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Usage.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

all-in-one-seo-pack-pro/app/Common/Api/Sitemaps.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

all-in-one-seo-pack-pro/app/Common/Api/Sitemaps.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

all-in-one-seo-pack-pro/app/Common/Api/Wizard.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

all-in-one-seo-pack-pro/app/Common/Api/Wizard.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

all-in-one-seo-pack-pro/app/Common/Breadcrumbs/Breadcrumbs.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

all-in-one-seo-pack-pro/app/Common/Breadcrumbs/Breadcrumbs.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/Importer.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/Importer.ps1

Resource

win10v2004-20220901-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/Helpers.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/Helpers.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/PostMeta.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/PostMeta.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/TitleMeta.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/TitleMeta.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral25

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/PostMeta.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/PostMeta.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/Titles.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/Titles.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/Helpers.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/Helpers.ps1

Resource

win10v2004-20220901-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/PostMeta.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/PostMeta.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/TitleMeta.ps1
Size

19KB
MD5

b6d97d08e970c69013fdd1cdafedf314
SHA1

b230d4a8f6e15ee24b94ff08757a8607701a3e8a
SHA256

cf6faebc666ffa24ad70b5d3d2bf9cfc2426aa2408b9a1c09390d0312538a972
SHA512

a98991d1c39815f6247459e19699ba81db06c35d6db79f8d287cb571b03a268d41d76712e5edff9973d2d38ca4a02712296963f7d6fd6bbaa6443798b1e82bfb
SSDEEP

192:htBFr6KlC6iVmeUOEr75iigqOMBatqtk9L79fgqO1ByldYGv3vD9:TH6KMVmeUOW75nTUtqteLRX28YGv3r9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4188	powershell.exe
4188	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4188	powershell.exe

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\all-in-one-seo-pack-pro\app\Common\ImportExport\RankMath\TitleMeta.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4188-132-0x00000221F9200000-0x00000221F9222000-memory.dmp

Filesize
136KB

Download
memory/4188-133-0x00007FF8D0020000-0x00007FF8D0AE1000-memory.dmp

Filesize
10.8MB

Download
memory/4188-134-0x00007FF8D0020000-0x00007FF8D0AE1000-memory.dmp

Filesize
10.8MB

Download