Static

static

wp-asset-c...ain.js

 

wp-asset-c...ain.js

 

wp-asset-c...min.js

 

wp-asset-c...min.js

windows10-2004-x64

1

wp-asset-c...re.xml

windows7-x64

1

wp-asset-c...re.xml

windows10-2004-x64

1

wp-asset-c...ie.xml

windows7-x64

1

wp-asset-c...ie.xml

windows10-2004-x64

1

wp-asset-c...al.xml

windows7-x64

1

wp-asset-c...al.xml

windows10-2004-x64

1

wp-asset-c...ue.xml

windows7-x64

1

wp-asset-c...ue.xml

windows10-2004-x64

1

wp-asset-c...me.jpg

windows7-x64

3

wp-asset-c...me.jpg

windows10-2004-x64

3

wp-asset-c...go.xml

windows7-x64

1

wp-asset-c...go.xml

windows10-2004-x64

1

wp-asset-c...min.js

windows7-x64

1

wp-asset-c...min.js

windows10-2004-x64

1

wp-asset-c...rt2.js

windows7-x64

1

wp-asset-c...rt2.js

windows10-2004-x64

1

wp-asset-c...min.js

windows7-x64

1

wp-asset-c...min.js

windows10-2004-x64

1

wp-asset-c...bug.js

windows7-x64

1

wp-asset-c...bug.js

windows10-2004-x64

1

wp-asset-c...ar.ps1

windows7-x64

1

wp-asset-c...ar.ps1

windows10-2004-x64

1

wp-asset-c...es.ps1

windows7-x64

1

wp-asset-c...es.ps1

windows10-2004-x64

1

wp-asset-c...nUp.js

windows7-x64

1

wp-asset-c...nUp.js

windows10-2004-x64

1

wp-asset-c...ug.ps1

windows7-x64

1

wp-asset-c...ug.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    41s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    15-10-2022 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wp-asset-clean-up-pro/classes/BulkChanges.ps1

  • Size

    13KB

  • MD5

    7a51835aea576fd31d97ff49b7e247d5

  • SHA1

    e2f574453421c604b975a11b03e64ecc017e62f6

  • SHA256

    f128457b6fb731907fb8db8ffa6246cdd10918e4fa90e64614b5b7d57e475002

  • SHA512

    eb6efdd105fe22620ee074ca85ac036346e86e5b7e365b1dda6cb28d2ed04ee04ef4348fb4ded7619a5cc9aeadf238600663ad4c83d026acc14d4c4f1e0cc7b8

  • SSDEEP

    384:b3Ya94Dn6XM8FnEr3525cuvUNr0GeDjsutgr:b3Ya94r6XM8FnErp2hUp0DDjsutgr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\wp-asset-clean-up-pro\classes\BulkChanges.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1724-55-0x000007FEF31B0000-0x000007FEF3BD3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1724-56-0x000007FEF2650000-0x000007FEF31AD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1724-57-0x0000000002974000-0x0000000002977000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1724-58-0x000000001B740000-0x000000001BA3F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1724-59-0x0000000002974000-0x0000000002977000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1724-60-0x000000000297B000-0x000000000299A000-memory.dmp

    Filesize

    124KB

    Download