Overview

overview

6

Static

static

WindowsDef...rd.wim

windows7-x64

3

WindowsDef...rd.wim

windows10-1703-x64

6

WindowsDef...rd.wim

windows10-2004-x64

3

WindowsDef...rd.wim

android-10-x64

WindowsDef...rd.wim

android-11-x64

WindowsDef...rd.wim

android-9-x86

WindowsDef...rd.wim

macos-10.15-amd64

1

WindowsDef...rd.wim

debian-9-armhf

WindowsDef...rd.wim

debian-9-mips

WindowsDef...rd.wim

debian-9-mipsel

WindowsDef...rd.wim

ubuntu-18.04-amd64

Analysis

  • max time kernel
    341s
  • max time network
    1199s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    24-12-2022 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WindowsDefenderApplicationGuard.wim

  • Size

    30.5MB

  • MD5

    e069ad898b074b8cf98256516aed064c

  • SHA1

    a040057d2edf90ebb14b90a52b92eeb5b5d1faa1

  • SHA256

    d215f9c3834c64134eb60d6b64ae143409e76570d5d9a4f3488a1e8aba9ab8b2

  • SHA512

    e86b57c2a62046e46b8b5edebdd59a4f39d4a198cf83af8086bbfb559b22ae8b586833077f6092a94627ed9a32c9fcb413106f63a160290900d725ed1535132d

  • SSDEEP

    786432:M8mV0NuwtR/8+GDp9ULmz1MXxc9cy8avU5FVYiqV7pbM:M8mV0kwtR61yLmiBc9ia82I

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/WindowsDefenderApplicationGuard.wim\""
    1⤵
      PID:504
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/WindowsDefenderApplicationGuard.wim\""
      1⤵
        PID:504
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"/Users/run/WindowsDefenderApplicationGuard.wim\""
        1⤵
          PID:504
        • /usr/bin/sudo
          sudo /bin/zsh -c /Users/run/WindowsDefenderApplicationGuard.wim
          1⤵
            PID:504
          • /usr/bin/sudo
            sudo /bin/zsh -c /Users/run/WindowsDefenderApplicationGuard.wim
            1⤵
              PID:504
              • /bin/zsh
                /bin/zsh -c /Users/run/WindowsDefenderApplicationGuard.wim
                2⤵
                  PID:510
                • /bin/zsh
                  /bin/zsh -c /Users/run/WindowsDefenderApplicationGuard.wim
                  2⤵
                    PID:510
                  • /Users/run/WindowsDefenderApplicationGuard.wim
                    /Users/run/WindowsDefenderApplicationGuard.wim
                    2⤵
                      PID:510
                    • /Users/run/WindowsDefenderApplicationGuard.wim
                      /Users/run/WindowsDefenderApplicationGuard.wim
                      2⤵
                        PID:510
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.spindump
                      1⤵
                        PID:542
                      • /usr/sbin/spindump
                        /usr/sbin/spindump
                        1⤵
                          PID:542
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.diagnosticd
                          1⤵
                            PID:543
                          • /usr/libexec/diagnosticd
                            /usr/libexec/diagnosticd
                            1⤵
                              PID:543

                            Network

                            MITRE ATT&CK Matrix

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads