Analysis

  • max time kernel
    216s
  • max time network
    1802s
  • platform
    macos_amd64
  • resource
    macos
  • submitted
    07-04-2022 19:27

General

  • Target

    VirusShare_41dd108ada487cb93a6e099e074f605b.exe

  • Size

    382KB

  • MD5

    41dd108ada487cb93a6e099e074f605b

  • SHA1

    354f9fcee3214078d2bc5e3ea55c6b678c2fe2bf

  • SHA256

    aebce4939ad8d8df9d1807debb140669e47a24c71b7978249362d3b0900c33f3

  • SHA512

    33adb352e06e779871224ce094954756f15e49785fc14f8c8a02476b420b00907961d3489944c2da42fa84e8185f0f6bc7eefde58ebc4ae213fed9bfa1b5932b

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe\""
    1⤵
      PID:618
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe\""
      1⤵
        PID:618
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"/Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe\""
        1⤵
          PID:618
        • /usr/bin/sudo
          sudo /bin/zsh -c /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
          1⤵
            PID:618
          • /usr/bin/sudo
            sudo /bin/zsh -c /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
            1⤵
              PID:618
              • /bin/zsh
                /bin/zsh -c /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
                2⤵
                  PID:621
                • /bin/zsh
                  /bin/zsh -c /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
                  2⤵
                    PID:621
                  • /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
                    /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
                    2⤵
                      PID:621
                    • /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
                      /Users/run/VirusShare_41dd108ada487cb93a6e099e074f605b.exe
                      2⤵
                        PID:621
                    • /usr/sbin/spctl
                      /usr/sbin/spctl --test-devid-status
                      1⤵
                        PID:619
                      • /usr/bin/syslog
                        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
                        1⤵
                          PID:620
                        • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
                          "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Djdk.disableLastUsageTracking=true" "-Djava.awt.headless=true " -cp "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy.jar" com.sun.deploy.panel.ControlPanel -getSecurityLevel
                          1⤵
                            PID:622
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.sysmond
                            1⤵
                              PID:644
                            • /usr/libexec/sysmond
                              /usr/libexec/sysmond
                              1⤵
                                PID:644
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.newsyslog
                                1⤵
                                  PID:645
                                • /usr/sbin/newsyslog
                                  /usr/sbin/newsyslog
                                  1⤵
                                    PID:645
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.ReportMemoryException
                                    1⤵
                                      PID:646
                                    • /usr/libexec/ReportMemoryException
                                      /usr/libexec/ReportMemoryException
                                      1⤵
                                        PID:646
                                      • /usr/libexec/xpcproxy
                                        xpcproxy com.apple.diagnosticd
                                        1⤵
                                          PID:647
                                        • /usr/libexec/diagnosticd
                                          /usr/libexec/diagnosticd
                                          1⤵
                                            PID:647

                                          Network

                                          MITRE ATT&CK Matrix


                                          Downloads

                                          • /Users/run/Library/Application Support/Oracle/Java/Deployment/deployment.properties

                                            Filesize

                                            613B

                                            MD5

                                            b27b91ebaa8a120a2e5ee2e6f5b19633

                                            SHA1

                                            a5c8925ca40c219da9e4c4fb75d83a778de810ed

                                            SHA256

                                            34be2cfac77cd1f7d39f32b48367efdf6c78bcad9d1016ae2ebe6eb8e3aec383

                                            SHA512

                                            f5558ff346ee8b8b8a9e6c61cfa458cbbe48c9a2680733d8a7f9a5d9e34fc056ff163fc83483ce88ee1f46a4769463f70cbebd586918fd81f82d6f663d4e14b9

                                          • /private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/hsperfdata_run/622

                                            Filesize

                                            32KB

                                            MD5

                                            209ab030974ebdbcd509fef2ed8540f7

                                            SHA1

                                            db6f301037ff2d0faaef43b171cf621780576959

                                            SHA256

                                            bf2df91f20fcb537a136245917edaf2d4e853ea4c3ac92fc1c36f331b7bdcb6d

                                            SHA512

                                            1e91a303cd3e2432f76a9e21e3803679fd46a4a02dc4b5c413a192267f6fbc9f1c2b5e66677de4bd53724c564099dbffa73860c746991d416159fb144b0e0ea8