Overview

overview

10

Static

static

10

wordpress-6.7.1.zip

windows10-2004-x64

3

wordpress/...rl.ps1

windows10-2004-x64

3

wordpress/...pen.js

windows10-2004-x64

3

wordpress/...SQL.js

windows10-2004-x64

3

wordpress/...er.pdf

windows10-2004-x64

3

wordpress/...ies.js

windows10-2004-x64

3

wordpress/...le.ps1

windows10-2004-x64

3

wordpress/...or.ps1

windows10-2004-x64

3

wordpress/...sc.ps1

windows10-2004-x64

3

wordpress/...te.ps1

windows10-2004-x64

3

wordpress/...ze.ps1

windows10-2004-x64

3

wordpress/...Pie.js

windows10-2004-x64

3

wordpress/...iff.js

windows10-2004-x64

3

wordpress/...ell.js

windows10-2004-x64

3

wordpress/...rer.js

windows10-2004-x64

3

wordpress/...ine.js

windows10-2004-x64

3

wordpress/...lib.js

windows10-2004-x64

3

wordpress/...or.ps1

windows10-2004-x64

3

wordpress/...ts.ps1

windows10-2004-x64

3

wordpress/...ks.ps1

windows10-2004-x64

3

wordpress/...ies.js

windows10-2004-x64

3

wordpress/...te.ps1

windows10-2004-x64

3

wordpress/...ry.ps1

windows10-2004-x64

3

wordpress/...son.js

windows10-2004-x64

3

wordpress/...ass.js

windows10-2004-x64

3

wordpress/...op3.js

windows10-2004-x64

3

wordpress/...se.txt

windows10-2004-x64

1

wordpress/...on.gif

windows10-2004-x64

3

wordpress/...ck.png

windows10-2004-x64

3

wordpress/...ox.css

windows10-2004-x64

7

wordpress/...se.txt

windows10-2004-x64

1

wordpress/...og.css

windows10-2004-x64

7

Analysis

  • max time kernel
    88s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2024 14:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wordpress/wp-includes/js/tinymce/plugins/compat3x/css/dialog.css

  • Size

    7KB

  • MD5

    aa77790f42e50f03b4ef956fc37cedd8

  • SHA1

    872d5e2ae1e7b527619d4925123f6f8005bd696e

  • SHA256

    48ff43089a1058bc227a219ede4a08ff89a20fdcebd07a916d508d7636caae31

  • SHA512

    116aea0eb6fd5827e44de294b7c6d79c8cfdcc282bff6aa1f8ac9d77ffe829e8f380a3c3d248c5c40d339b437d4d50188ea88eb691a121cfc45e4c2e0a6da20c

  • SSDEEP

    192:+ev/3YPmBD0Op9O654qZbL4AUqXSN4FuIlIIRln:LW6pb8AJXSN4g4rRln

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\wordpress\wp-includes\js\tinymce\plugins\compat3x\css\dialog.css
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\wordpress\wp-includes\js\tinymce\plugins\compat3x\css\dialog.css
      2⤵
        PID:2452

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads