d8ac08dace524b4741c09aaac60814b0a4039268758a6149ff127ec0bd7053f7

Submit
Reports

Overview

overview

Static

static

all-in-one...in.ps1

windows7-x64

all-in-one...in.ps1

windows10-2004-x64

all-in-one...ess.js

windows7-x64

all-in-one...ess.js

windows10-2004-x64

all-in-one...es.ps1

windows7-x64

all-in-one...es.ps1

windows10-2004-x64

all-in-one...iew.js

windows7-x64

all-in-one...iew.js

windows10-2004-x64

all-in-one...age.js

windows7-x64

all-in-one...age.js

windows10-2004-x64

all-in-one...ps.ps1

windows7-x64

all-in-one...ps.ps1

windows10-2004-x64

all-in-one...ard.js

windows7-x64

all-in-one...ard.js

windows10-2004-x64

all-in-one...bs.ps1

windows7-x64

all-in-one...bs.ps1

windows10-2004-x64

all-in-one...er.ps1

windows7-x64

all-in-one...er.ps1

windows10-2004-x64

all-in-one...rs.ps1

windows7-x64

all-in-one...rs.ps1

windows10-2004-x64

all-in-one...eta.js

windows7-x64

all-in-one...eta.js

windows10-2004-x64

all-in-one...ta.ps1

windows7-x64

all-in-one...ta.ps1

windows10-2004-x64

all-in-one...ta.ps1

windows7-x64

all-in-one...ta.ps1

windows10-2004-x64

all-in-one...es.ps1

windows7-x64

all-in-one...es.ps1

windows10-2004-x64

all-in-one...rs.ps1

windows7-x64

all-in-one...rs.ps1

windows10-2004-x64

all-in-one...eta.js

windows7-x64

all-in-one...eta.js

windows10-2004-x64

Analysis

max time kernel
87s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2022 09:32

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Admin.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Admin.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/DeprecatedWordPress.js

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/DeprecatedWordPress.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Notices.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Notices.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Review.js

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Notices/Review.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Usage.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

all-in-one-seo-pack-pro/app/Common/Admin/Usage.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

all-in-one-seo-pack-pro/app/Common/Api/Sitemaps.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

all-in-one-seo-pack-pro/app/Common/Api/Sitemaps.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

all-in-one-seo-pack-pro/app/Common/Api/Wizard.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

all-in-one-seo-pack-pro/app/Common/Api/Wizard.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

all-in-one-seo-pack-pro/app/Common/Breadcrumbs/Breadcrumbs.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

all-in-one-seo-pack-pro/app/Common/Breadcrumbs/Breadcrumbs.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/Importer.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/Importer.ps1

Resource

win10v2004-20220901-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/Helpers.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/Helpers.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/PostMeta.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/PostMeta.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/TitleMeta.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/RankMath/TitleMeta.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral25

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/PostMeta.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/PostMeta.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/Titles.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/Titles.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/Helpers.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/Helpers.ps1

Resource

win10v2004-20220901-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/PostMeta.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

all-in-one-seo-pack-pro/app/Common/ImportExport/YoastSeo/PostMeta.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

all-in-one-seo-pack-pro/app/Common/ImportExport/SeoPress/PostMeta.ps1
Size

5KB
MD5

078b634ac7b74339460de4f6d9a45356
SHA1

74c49fc6ace0d0fb1c250dcb04e87a94b3163d15
SHA256

b07f0696c6ce598bfab03fdec8a0f9f6c3ae23b37ef90c27f25296198e6e7abb
SHA512

f777dc35428b38e18c52fed05c07b8debc9ae4e47a36bb351d233d563566c8da2e3aa9dc78fb3457641debeb7300838f9a4d5873f247869c3afc1fdbdbc882fe
SSDEEP

96:YQE5++K3KdtjDTQhyzPKG1dvGvrx2ClIvnFmj/uyr3+yYeRgnStrN/:Yly3KdtjDTQh88zsoIfByr3+yYePtV

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4676	powershell.exe
4676	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4676	powershell.exe

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\all-in-one-seo-pack-pro\app\Common\ImportExport\SeoPress\PostMeta.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4676-132-0x00000182CB920000-0x00000182CB942000-memory.dmp

Filesize
136KB

Download
memory/4676-133-0x00007FFB15D60000-0x00007FFB16821000-memory.dmp

Filesize
10.8MB

Download
memory/4676-134-0x00007FFB15D60000-0x00007FFB16821000-memory.dmp

Filesize
10.8MB

Download