0ed42027b64509cdb1e5b945d97f09a7b223c5c5e82f7fd82a9fcd82de01077e

Submit
Reports

Overview

overview

Static

static

wp-all-imp...ead.js

windows7-x64

wp-all-imp...ead.js

windows10-2004-x64

wp-all-imp...pe.ps1

windows7-x64

wp-all-imp...pe.ps1

windows10-2004-x64

wp-all-imp...ing.js

windows7-x64

wp-all-imp...ing.js

windows10-2004-x64

wp-all-imp...es.ps1

windows7-x64

wp-all-imp...es.ps1

windows10-2004-x64

wp-all-imp...rce.js

windows7-x64

wp-all-imp...rce.js

windows10-2004-x64

wp-all-imp...ent.js

windows7-x64

wp-all-imp...ent.js

windows10-2004-x64

wp-all-imp..._99.js

windows7-x64

wp-all-imp..._99.js

windows10-2004-x64

wp-all-imp...el.ps1

windows7-x64

wp-all-imp...el.ps1

windows10-2004-x64

wp-all-imp...se.ps1

windows7-x64

wp-all-imp...se.ps1

windows10-2004-x64

wp-all-imp...ry.ps1

windows7-x64

wp-all-imp...ry.ps1

windows10-2004-x64

wp-all-imp...se.ps1

windows7-x64

wp-all-imp...se.ps1

windows10-2004-x64

wp-all-imp...me.ps1

windows7-x64

wp-all-imp...me.ps1

windows10-2004-x64

wp-all-imp...ef.ps1

windows7-x64

wp-all-imp...ef.ps1

windows10-2004-x64

wp-all-imp...ig.ps1

windows7-x64

wp-all-imp...ig.ps1

windows10-2004-x64

wp-all-imp...al.ps1

windows7-x64

wp-all-imp...al.ps1

windows10-2004-x64

wp-all-imp...ell.js

windows7-x64

wp-all-imp...ell.js

windows10-2004-x64

Analysis

max time kernel
87s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2022 15:27

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

wp-all-import-pro/actions/admin_head.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

wp-all-import-pro/actions/admin_head.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

wp-all-import-pro/actions/wp_ajax_get_bundle_post_type.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

wp-all-import-pro/actions/wp_ajax_get_bundle_post_type.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

wp-all-import-pro/actions/wp_ajax_save_import_scheduling.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

wp-all-import-pro/actions/wp_ajax_save_import_scheduling.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

wp-all-import-pro/actions/wp_ajax_test_images.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

wp-all-import-pro/actions/wp_ajax_test_images.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

wp-all-import-pro/actions/wp_ajax_upload_resource.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

wp-all-import-pro/actions/wp_ajax_upload_resource.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

wp-all-import-pro/actions/wp_ajax_wpai_scheduling_dialog_content.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

wp-all-import-pro/actions/wp_ajax_wpai_scheduling_dialog_content.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

wp-all-import-pro/actions/wp_loaded_99.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

wp-all-import-pro/actions/wp_loaded_99.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

wp-all-import-pro/classes/PHPExcel.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

wp-all-import-pro/classes/PHPExcel.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

wp-all-import-pro/classes/PHPExcel/CachedObjectStorage/CacheBase.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

wp-all-import-pro/classes/PHPExcel/CachedObjectStorage/CacheBase.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

wp-all-import-pro/classes/PHPExcel/CachedObjectStorage/Memory.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

wp-all-import-pro/classes/PHPExcel/CachedObjectStorage/Memory.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/Database.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/Database.ps1

Resource

win10v2004-20220901-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/DateTime.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/DateTime.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral25

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/LookupRef.ps1

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/LookupRef.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/MathTrig.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/MathTrig.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/Statistical.ps1

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

wp-all-import-pro/classes/PHPExcel/Calculation/Statistical.ps1

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

wp-all-import-pro/classes/PHPExcel/Cell.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

wp-all-import-pro/classes/PHPExcel/Cell.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

wp-all-import-pro/classes/PHPExcel/Calculation/DateTime.ps1
Size

67KB
MD5

d3df7dcddbf3f5c133d44b0bcbc512ed
SHA1

7fd3b021ebaa372063a3553e0214e2cc9355b4d1
SHA256

e8fbfa73a63bb0b82b6d9720f32e96247ce6291b1eea3972b064bb556a5725eb
SHA512

6a9319af892e76fadb00cc5d17850c75dcce557a41937c49a12e4b7969167adf71bd1727ec2a73e00df460fac73b0a9a526a7855dd7a4574e3cd6f2fe8ac199b
SSDEEP

384:RuEitdCa4xVeb7NBbFos80+HWt1qe4uryxaI1L/QYOAVrdW8CpAr8E1SWF7f7aIT:RurdCPEbZBJZpKKryBzZSWFiIkGuA

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
980	powershell.exe
980	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	980	powershell.exe

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\wp-all-import-pro\classes\PHPExcel\Calculation\DateTime.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/980-132-0x000002601FB80000-0x000002601FBA2000-memory.dmp

Filesize
136KB

Download
memory/980-133-0x00007FFC17D10000-0x00007FFC187D1000-memory.dmp

Filesize
10.8MB

Download
memory/980-134-0x00007FFC17D10000-0x00007FFC187D1000-memory.dmp

Filesize
10.8MB

Download