Static
static
wp-asset-c...ain.js
wp-asset-c...ain.js
wp-asset-c...min.js
wp-asset-c...min.js
windows10-2004-x64
1wp-asset-c...re.xml
windows7-x64
1wp-asset-c...re.xml
windows10-2004-x64
1wp-asset-c...ie.xml
windows7-x64
1wp-asset-c...ie.xml
windows10-2004-x64
1wp-asset-c...al.xml
windows7-x64
1wp-asset-c...al.xml
windows10-2004-x64
1wp-asset-c...ue.xml
windows7-x64
1wp-asset-c...ue.xml
windows10-2004-x64
1wp-asset-c...me.jpg
windows7-x64
3wp-asset-c...me.jpg
windows10-2004-x64
3wp-asset-c...go.xml
windows7-x64
1wp-asset-c...go.xml
windows10-2004-x64
1wp-asset-c...min.js
windows7-x64
1wp-asset-c...min.js
windows10-2004-x64
1wp-asset-c...rt2.js
windows7-x64
1wp-asset-c...rt2.js
windows10-2004-x64
1wp-asset-c...min.js
windows7-x64
1wp-asset-c...min.js
windows10-2004-x64
1wp-asset-c...bug.js
windows7-x64
1wp-asset-c...bug.js
windows10-2004-x64
1wp-asset-c...ar.ps1
windows7-x64
1wp-asset-c...ar.ps1
windows10-2004-x64
1wp-asset-c...es.ps1
windows7-x64
1wp-asset-c...es.ps1
windows10-2004-x64
1wp-asset-c...nUp.js
windows7-x64
1wp-asset-c...nUp.js
windows10-2004-x64
1wp-asset-c...ug.ps1
windows7-x64
1wp-asset-c...ug.ps1
windows10-2004-x64
1Analysis
-
max time kernel
111s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
15-10-2022 13:42
Static task
static1
Behavioral task
behavioral1
Sample
wp-asset-clean-up-pro/assets/auto-complete/main.js
Behavioral task
behavioral2
Sample
wp-asset-clean-up-pro/assets/auto-complete/main.js
Behavioral task
behavioral3
Sample
wp-asset-clean-up-pro/assets/chosen/chosen.jquery.min.js
Behavioral task
behavioral4
Sample
wp-asset-clean-up-pro/assets/chosen/chosen.jquery.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
wp-asset-clean-up-pro/assets/icons/icon-cloudflare.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
wp-asset-clean-up-pro/assets/icons/icon-cloudflare.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
wp-asset-clean-up-pro/assets/icons/icon-ie.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
wp-asset-clean-up-pro/assets/icons/icon-ie.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
wp-asset-clean-up-pro/assets/icons/loader-horizontal.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral10
Sample
wp-asset-clean-up-pro/assets/icons/loader-horizontal.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
wp-asset-clean-up-pro/assets/icons/premium-plugins/gravityforms-blue.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
wp-asset-clean-up-pro/assets/icons/premium-plugins/gravityforms-blue.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
wp-asset-clean-up-pro/assets/icons/themes/betheme.jpg
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
wp-asset-clean-up-pro/assets/icons/themes/betheme.jpg
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
wp-asset-clean-up-pro/assets/icons/woocommerce-icon-logo.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
wp-asset-clean-up-pro/assets/icons/woocommerce-icon-logo.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
wp-asset-clean-up-pro/assets/script.min.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
wp-asset-clean-up-pro/assets/script.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
wp-asset-clean-up-pro/assets/sweetalert2/dist/sweetalert2.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
wp-asset-clean-up-pro/assets/sweetalert2/dist/sweetalert2.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
wp-asset-clean-up-pro/assets/tooltipster/tooltipster.bundle.min.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
wp-asset-clean-up-pro/assets/tooltipster/tooltipster.bundle.min.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
wp-asset-clean-up-pro/assets/wpacu-debug.js
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral24
Sample
wp-asset-clean-up-pro/assets/wpacu-debug.js
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
wp-asset-clean-up-pro/classes/AdminBar.ps1
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
wp-asset-clean-up-pro/classes/AdminBar.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
wp-asset-clean-up-pro/classes/BulkChanges.ps1
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral28
Sample
wp-asset-clean-up-pro/classes/BulkChanges.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
wp-asset-clean-up-pro/classes/CleanUp.js
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
wp-asset-clean-up-pro/classes/CleanUp.js
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
wp-asset-clean-up-pro/classes/Debug.ps1
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
wp-asset-clean-up-pro/classes/Debug.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
wp-asset-clean-up-pro/assets/icons/woocommerce-icon-logo.xml
-
Size
3KB
-
MD5
5720092bba10bab79768360540f04126
-
SHA1
2d8b23e54e5b18c5b2b95323a8bc194a992f14df
-
SHA256
c8ae81d1eb9ee33882d4f8b5e8c627afd0c2b795dafdd6f0adb91af32882e982
-
SHA512
547d4f0cb776018018085a4ea5720c7495072222b46743d8ece6416d0de43e688d5bd9264163194df6fb7a74ef24237479e3388462b44305e16dae1ecf58c340
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf00000000020000000000106600000001000020000000797b69cb14857373ab46f6e994bd4516589975135294d898ad6a938d6a20b446000000000e8000000002000020000000106c084ecf58b4e808a8bd22a8b878288a030578f4ce0b3b362927817da802c3900000008d3c6a219533ca41c6a8b38af4d765a062224bd846035dbe120637c6a79b75d9c514036ed7cd9a67324e861232db10b4fbe46e84fc894e63d4a9328605b947dfa2904b50563f15f575a0a2467bd7771f8836d329be5013170cee5500d0b16eaf3cb2fec3c8399af5deefa5e81b12564a3c6c7e11c1a3232bbc4e9d4c171fb708c45eafedfc8b38a4829a3e060ed1cb9c40000000b469108a82b260e2561160bb72ee8a06575a15a88fb640d7aeeb0b656d297a37b4c5759608857796f7401f5b87d6d26de64555947c67ab7981ee45291df7821b IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5387CB01-4CA0-11ED-A448-E20468906380} = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf00000000020000000000106600000001000020000000bed7241d6c11fd78026f8ec9e2a7a37a066c74377630e591e52d5e133ba80cff000000000e8000000002000020000000f2b7d93f66a48474b5396784623e805b6583d4d75b2d1da5a7a6226d5ca8c55b20000000d0c23c809ef18a2d7765630fc326a4850fbf52a6506a9ed1babf4498576c203640000000837f76ebca32570924b0992d1f9ea0368b6deb76a29cc3e296e97dfcb6bda988122cff5ed55c403485136e9b3b529b1b9b99416ec0afecdc5565458354f1b85d IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d27329ade0d801 IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "372613682" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1708 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1708 IEXPLORE.EXE 1708 IEXPLORE.EXE 908 IEXPLORE.EXE 908 IEXPLORE.EXE 908 IEXPLORE.EXE 908 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1468 wrote to memory of 1704 1468 MSOXMLED.EXE 29 PID 1468 wrote to memory of 1704 1468 MSOXMLED.EXE 29 PID 1468 wrote to memory of 1704 1468 MSOXMLED.EXE 29 PID 1468 wrote to memory of 1704 1468 MSOXMLED.EXE 29 PID 1704 wrote to memory of 1708 1704 iexplore.exe 30 PID 1704 wrote to memory of 1708 1704 iexplore.exe 30 PID 1704 wrote to memory of 1708 1704 iexplore.exe 30 PID 1704 wrote to memory of 1708 1704 iexplore.exe 30 PID 1708 wrote to memory of 908 1708 IEXPLORE.EXE 31 PID 1708 wrote to memory of 908 1708 IEXPLORE.EXE 31 PID 1708 wrote to memory of 908 1708 IEXPLORE.EXE 31 PID 1708 wrote to memory of 908 1708 IEXPLORE.EXE 31
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\wp-asset-clean-up-pro\assets\icons\woocommerce-icon-logo.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:1704 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:908
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
603B
MD59d5708260bf550715edc858dac627aa3
SHA1f06e46b834fcc8c2da6bf8c17b2e1984c1736229
SHA256040f0d8b118112e692ce167e4189120b7764ea0e63f40ee28f44587ada221762
SHA512a27647fe20bdddbe0696e368b65c0d64d8ef4c7f7ac63608e5fe216172d5d59a15d9776067774f83d0b88d40f6de9d374d78aa444609b42ba77ca71351348431