Static

static

wp-asset-c...ain.js

 

wp-asset-c...ain.js

 

wp-asset-c...min.js

 

wp-asset-c...min.js

windows10-2004-x64

1

wp-asset-c...re.xml

windows7-x64

1

wp-asset-c...re.xml

windows10-2004-x64

1

wp-asset-c...ie.xml

windows7-x64

1

wp-asset-c...ie.xml

windows10-2004-x64

1

wp-asset-c...al.xml

windows7-x64

1

wp-asset-c...al.xml

windows10-2004-x64

1

wp-asset-c...ue.xml

windows7-x64

1

wp-asset-c...ue.xml

windows10-2004-x64

1

wp-asset-c...me.jpg

windows7-x64

3

wp-asset-c...me.jpg

windows10-2004-x64

3

wp-asset-c...go.xml

windows7-x64

1

wp-asset-c...go.xml

windows10-2004-x64

1

wp-asset-c...min.js

windows7-x64

1

wp-asset-c...min.js

windows10-2004-x64

1

wp-asset-c...rt2.js

windows7-x64

1

wp-asset-c...rt2.js

windows10-2004-x64

1

wp-asset-c...min.js

windows7-x64

1

wp-asset-c...min.js

windows10-2004-x64

1

wp-asset-c...bug.js

windows7-x64

1

wp-asset-c...bug.js

windows10-2004-x64

1

wp-asset-c...ar.ps1

windows7-x64

1

wp-asset-c...ar.ps1

windows10-2004-x64

1

wp-asset-c...es.ps1

windows7-x64

1

wp-asset-c...es.ps1

windows10-2004-x64

1

wp-asset-c...nUp.js

windows7-x64

1

wp-asset-c...nUp.js

windows10-2004-x64

1

wp-asset-c...ug.ps1

windows7-x64

1

wp-asset-c...ug.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    83s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2022, 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wp-asset-clean-up-pro/classes/BulkChanges.ps1

  • Size

    13KB

  • MD5

    7a51835aea576fd31d97ff49b7e247d5

  • SHA1

    e2f574453421c604b975a11b03e64ecc017e62f6

  • SHA256

    f128457b6fb731907fb8db8ffa6246cdd10918e4fa90e64614b5b7d57e475002

  • SHA512

    eb6efdd105fe22620ee074ca85ac036346e86e5b7e365b1dda6cb28d2ed04ee04ef4348fb4ded7619a5cc9aeadf238600663ad4c83d026acc14d4c4f1e0cc7b8

  • SSDEEP

    384:b3Ya94Dn6XM8FnEr3525cuvUNr0GeDjsutgr:b3Ya94r6XM8FnErp2hUp0DDjsutgr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\wp-asset-clean-up-pro\classes\BulkChanges.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1528-132-0x00000259EF260000-0x00000259EF282000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1528-133-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1528-134-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

    Filesize

    10.8MB

    Download