Overview

overview

10

Static

static

VirusShare...4d.exe

windows7_x64

10

VirusShare...4d.exe

windows10_x64

10

VirusShare...4d.exe

windows10-2004_x64

10

VirusShare...4d.exe

windows11_x64

VirusShare...4d.exe

macos_amd64

1

VirusShare...4d.exe

linux_armhf

VirusShare...4d.exe

linux_mips

VirusShare...4d.exe

linux_mipsel

VirusShare...4d.exe

linux_amd64

Analysis

  • max time kernel
    539s
  • max time network
    1802s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    07-04-2022 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_41d87fa0c9244a9a098742155a862e4d.exe

  • Size

    382KB

  • MD5

    41d87fa0c9244a9a098742155a862e4d

  • SHA1

    f80f8a9584fd4ec0a3e86f0a4bedd66bf204bcdc

  • SHA256

    60767e516dcf017b6a446f383a87afda3ce002292866195bdcffb5c8e9dac0c9

  • SHA512

    bed43d92325b572f9a1dde0f6088569679619b50d55f120b67b3db0c5dd3c1db604702881b0f7180f1a66069a9f0e2177b7bbd70af8e88da530563163afbd359

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:593
    • /usr/sbin/spctl
      /usr/sbin/spctl --test-devid-status
      1⤵
        PID:595
      • /usr/bin/syslog
        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
        1⤵
          PID:597
        • /bin/sh
          sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe\""
          1⤵
            PID:594
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe\""
            1⤵
              PID:594
            • /bin/bash
              sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe\""
              1⤵
                PID:594
              • /usr/bin/sudo
                sudo /bin/zsh -c /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                1⤵
                  PID:594
                • /usr/bin/sudo
                  sudo /bin/zsh -c /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                  1⤵
                    PID:594
                    • /bin/zsh
                      /bin/zsh -c /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                      2⤵
                        PID:609
                      • /bin/zsh
                        /bin/zsh -c /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                        2⤵
                          PID:609
                        • /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                          /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                          2⤵
                            PID:609
                          • /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                            /Users/run/VirusShare_41d87fa0c9244a9a098742155a862e4d.exe
                            2⤵
                              PID:609
                          • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
                            "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Djdk.disableLastUsageTracking=true" "-Djava.awt.headless=true " -cp "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy.jar" com.sun.deploy.panel.ControlPanel -getSecurityLevel
                            1⤵
                              PID:619
                            • /usr/libexec/xpcproxy
                              xpcproxy com.apple.sysmond
                              1⤵
                                PID:621
                              • /usr/libexec/sysmond
                                /usr/libexec/sysmond
                                1⤵
                                  PID:621
                                • /usr/libexec/xpcproxy
                                  xpcproxy com.apple.spindump
                                  1⤵
                                    PID:645
                                  • /usr/sbin/spindump
                                    /usr/sbin/spindump
                                    1⤵
                                      PID:645
                                    • /usr/libexec/xpcproxy
                                      xpcproxy com.apple.diagnosticd
                                      1⤵
                                        PID:646
                                      • /usr/libexec/diagnosticd
                                        /usr/libexec/diagnosticd
                                        1⤵
                                          PID:646
                                        • /usr/libexec/xpcproxy
                                          xpcproxy com.apple.newsyslog
                                          1⤵
                                            PID:647
                                          • /usr/sbin/newsyslog
                                            /usr/sbin/newsyslog
                                            1⤵
                                              PID:647

                                            Network

                                            MITRE ATT&CK Matrix

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • /Users/run/Library/Application Support/Oracle/Java/Deployment/deployment.properties
                                              Filesize

                                              613B

                                              MD5

                                              3e1ce956d02f59aa8c1a4449cccc5f9a

                                              SHA1

                                              58cada7940ba888aa86bcca2a98685c0b1423686

                                              SHA256

                                              d65124224220e36cca23f95a17b2f5c19eadb08a3c3855366eb7c85f23f5c5f5

                                              SHA512

                                              b58364e272d06f3545737848cc8bf7a674cb7944bf740382b15eacb0f6e8f81b6018ada2f9ca95abf62334c8d0eebe933887c0311025637ed9a7f7a62eb6b44e

                                              Download Submit

                                            • /private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/hsperfdata_run/619
                                              Filesize

                                              32KB

                                              MD5

                                              e48c9680b1054895d9f69de41bea0102

                                              SHA1

                                              1cb28727dc8a3ae1cd17359d64bf3676edddcce8

                                              SHA256

                                              1f11bddf8356087fb980f56b183113c6ef632a41743130236b7dee6d76adf3c1

                                              SHA512

                                              66494ba63c78df96be082d42a9d8c3585f276c4a2d72bc3e25815b05d580cac73dad51ff9bf90ef3a51dc1bf317d4f037da33f572c7214a5b2eb467148e6aa23

                                              Download Submit