96f7df1c984c1753289600f7f373f3a98a4f09f82acc1be8ecfd5790763a355b | Triage

Submit
Reports

Overview

overview

Static

static

8

rook1.exe

windows7_x64

rook1.exe

windows10_x64

rook1.exe

macos_amd64

1

rook1.exe

linux_amd64

Resubmissions

11-01-2022 18:27

220111-w33m7agfg9 10

20-12-2021 20:51

211220-zm6xfsbge6 10

Analysis

max time kernel
7s
max time network
9s
platform
macos_amd64
resource
macos
submitted
11-01-2022 18:27

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

rook1.exe

Resource

win7-en-20211208

rook ransomware vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

rook1.exe

Resource

win10-en-20211208

rook discovery ransomware vmprotect

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

rook1.exe

Resource

macos

macos_amd64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

rook1.exe

Resource

ubuntu1804-amd64-en-20211208

linux_amd64

0 signatures

0 seconds

Report Analysis Logs

General

Target

rook1.exe
Size

5.4MB
MD5

4f7adc32ec67c1a55853ef828fe58707
SHA1

36de7997949ac3b9b456023fb072b9a8cd84ade8
SHA256

96f7df1c984c1753289600f7f373f3a98a4f09f82acc1be8ecfd5790763a355b
SHA512

a45e4a20133c842037789157c3ed845afdefbb0d2fe3958d75f0cb3cdfeee106262f9de0e0aca92ac84a0211432cd19773e0f769b970ddb8a80e5f7855676f74

Score

1^/10

Malware Config

Signatures

Processes

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:610

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:611

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/rook1.exe\""
1⤵
PID:612

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/rook1.exe\""
1⤵
PID:612

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/rook1.exe\""
1⤵
PID:612

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/rook1.exe
1⤵
PID:612

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/rook1.exe
1⤵
PID:612
- /bin/zsh
  /bin/zsh -c /Users/run/rook1.exe
  2⤵
  PID:613
- /bin/zsh
  /bin/zsh -c /Users/run/rook1.exe
  2⤵
  PID:613
- /Users/run/rook1.exe
  /Users/run/rook1.exe
  2⤵
  PID:613
- /Users/run/rook1.exe
  /Users/run/rook1.exe
  2⤵
  PID:613

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Djdk.disableLastUsageTracking=true" "-Djava.awt.headless=true " -cp "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy.jar" com.sun.deploy.panel.ControlPanel -getSecurityLevel
1⤵
PID:635

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:640

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:640

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:641

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:641

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:642

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:642

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Application Support/Oracle/Java/Deployment/deployment.properties

MD5
88c601eaaeb0c97cf7a29d7a89da8817

SHA1
c8cf570091ff19845d6ce37beea4bdea8c15ae75

SHA256
f2830abbdb31aa121951d64f9cc1d56c1c23b078e5732562a61264aef2120c7a

SHA512
6ab113528ff95893af908522ddf0c9bc8807837490bd5c897b86e426cecf95d7eae221b2e7b03a609ba174ba8022120f2f8659bef04a3d0f1599a6ad22003e20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/hsperfdata_run/635

MD5
457c54b88721fdf76d6d873051310d65

SHA1
ab603cee5bf5ff41d3859507cc695531850f13d6

SHA256
99d69c0ba0f7087d1ff6fc8e51a1600d9a265a40e986eb270102aeff2baca091

SHA512
bded1f352f5bc6f8bd605df60354e8b4953cb0f594181877b0cf216c761c31fbd5a4749949794ad3320af1f5eb64da94c7ea5e0d788d7e284853bec129d23a59

Download Submit

© 2018-2024

Terms | Privacy