Overview

overview

1

Static

static

wp-all-imp...ead.js

windows7-x64

1

wp-all-imp...ead.js

windows10-2004-x64

1

wp-all-imp...pe.ps1

windows7-x64

1

wp-all-imp...pe.ps1

windows10-2004-x64

1

wp-all-imp...ing.js

windows7-x64

1

wp-all-imp...ing.js

windows10-2004-x64

1

wp-all-imp...es.ps1

windows7-x64

1

wp-all-imp...es.ps1

windows10-2004-x64

1

wp-all-imp...rce.js

windows7-x64

1

wp-all-imp...rce.js

windows10-2004-x64

1

wp-all-imp...ent.js

windows7-x64

1

wp-all-imp...ent.js

windows10-2004-x64

1

wp-all-imp..._99.js

windows7-x64

1

wp-all-imp..._99.js

windows10-2004-x64

1

wp-all-imp...el.ps1

windows7-x64

1

wp-all-imp...el.ps1

windows10-2004-x64

1

wp-all-imp...se.ps1

windows7-x64

1

wp-all-imp...se.ps1

windows10-2004-x64

1

wp-all-imp...ry.ps1

windows7-x64

1

wp-all-imp...ry.ps1

windows10-2004-x64

1

wp-all-imp...se.ps1

windows7-x64

1

wp-all-imp...se.ps1

windows10-2004-x64

1

wp-all-imp...me.ps1

windows7-x64

1

wp-all-imp...me.ps1

windows10-2004-x64

1

wp-all-imp...ef.ps1

windows7-x64

1

wp-all-imp...ef.ps1

windows10-2004-x64

1

wp-all-imp...ig.ps1

windows7-x64

1

wp-all-imp...ig.ps1

windows10-2004-x64

1

wp-all-imp...al.ps1

windows7-x64

1

wp-all-imp...al.ps1

windows10-2004-x64

1

wp-all-imp...ell.js

windows7-x64

1

wp-all-imp...ell.js

windows10-2004-x64

1

Analysis

  • max time kernel
    11s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 15:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    wp-all-import-pro/actions/wp_ajax_test_images.ps1

  • Size

    5KB

  • MD5

    636409b9ceb911714577282693418c8a

  • SHA1

    08411866410977f313f97e45631629fd47949f8c

  • SHA256

    8f01a0df575808c725707a7578718871c07f68f90658f4c89b19607dbd72c6af

  • SHA512

    fb86f2eae591fb72c6d7cfb7f07551c9cfb1ae43c68cf655111c34681828b8f1c367487692ec7bb30597bd08bb74496f1380c07850ea68b043bb971de2145159

  • SSDEEP

    96:ajLDUuAMyEIF+miMyHWIhjXzrX6P3AyncceSX+X6zCFUtYwJhrRwUOkXBX6N2/:bYyPF+mKHDrKP9nHPuKjYwJoU3RKU

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\wp-all-import-pro\actions\wp_ajax_test_images.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2000

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2000-54-0x000007FEFC161000-0x000007FEFC163000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2000-55-0x000007FEF3DE0000-0x000007FEF4803000-memory.dmp

          Filesize

          10.1MB

          Download

        • memory/2000-57-0x00000000024C4000-0x00000000024C7000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2000-56-0x000007FEF3280000-0x000007FEF3DDD000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/2000-58-0x00000000024CB000-0x00000000024EA000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2000-59-0x00000000024C4000-0x00000000024C7000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2000-60-0x00000000024CB000-0x00000000024EA000-memory.dmp

          Filesize

          124KB

          Download