52db54ef62291a6b75d8d023ede466956b11e74ff8ed31aaaa3e87b88003e491 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

shove

macos-10.15-amd64

1

Analysis

max time kernel
652s
max time network
655s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
09/09/2022, 14:21

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

shove

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

600 seconds

Report Analysis Logs

General

Target

shove
Size

165KB
MD5

dab92acede35ff12eed3dc40a3753292
SHA1

423c4dc619caa7562229c8d47cdc5a9452ac10d3
SHA256

52db54ef62291a6b75d8d023ede466956b11e74ff8ed31aaaa3e87b88003e491
SHA512

bc2a751ca088f9735f4029cb738bac8ec540f21286a6f7fc604edca8c19cfcc0ab0dc63f8606e6c2ba7079adb2f2c839b2029dc53c037a68b40320624a7d3881
SSDEEP

768:JMyd8MlbL7x3TUi/1eVYI8lZxMDr9Q+srhkI8:hGK3Qi/QVz2xmr9Fstf

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/shove\""
1⤵
PID:489

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/shove\""
1⤵
PID:489

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/shove\""
1⤵
PID:489

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/shove
1⤵
PID:489

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/shove
1⤵
PID:489
- /bin/zsh
  /bin/zsh -c /Users/run/shove
  2⤵
  PID:492
- /bin/zsh
  /bin/zsh -c /Users/run/shove
  2⤵
  PID:492
- /Users/run/shove
  /Users/run/shove
  2⤵
  PID:492
- /Users/run/shove
  /Users/run/shove
  2⤵
  PID:492

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:490

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:493

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:494

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:519

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:519

/bin/ls
ls
1⤵
PID:537

/bin/ls
ls
1⤵
PID:537

/usr/local/bin/shove
shove
1⤵
PID:539

/usr/local/bin/shove
shove
1⤵
PID:539

/usr/bin/shove
shove
1⤵
PID:539

/usr/bin/shove
shove
1⤵
PID:539

/bin/shove
shove
1⤵
PID:539

/bin/shove
shove
1⤵
PID:539

/usr/sbin/shove
shove
1⤵
PID:539

/usr/sbin/shove
shove
1⤵
PID:539

/sbin/shove
shove
1⤵
PID:539

/sbin/shove
shove
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:540

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:542

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:542

shove./
shove./
1⤵
PID:547

shove./
shove./
1⤵
PID:547

./shove
./shove
1⤵
PID:548

./shove
./shove
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:549

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:549

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy