Analysis
-
max time kernel
124s -
max time network
125s -
platform
macos_amd64 -
resource
macos-20220504-en -
resource tags
arch:amd64 arch:i386 image:macos-20220504-en kernel:19b77a locale:en-us os:macos-10.15-amd64 system -
submitted
05/02/2023, 10:43
Static task
static1
Behavioral task
behavioral1
Sample
hello.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
hello.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
hello.exe
Resource
macos-20220504-en
Behavioral task
behavioral4
Sample
hello.exe
Resource
ubuntu1804-amd64-20221111-en
General
-
Target
hello.exe
-
Size
952KB
-
MD5
bfcf6557c5a4b86b90e13bedd6a42087
-
SHA1
a0512191b5f18f0ab794b448f4866250c326d2c6
-
SHA256
236d5b0ad50c58a4c23b0080bc555c543b90afdef239ddec1ce2f4fa34849c09
-
SHA512
99a90eee3176a561dcb99533d509e98f522e1fa3fca0f1d5df4d33675038c1d5a4ddf80e664fc282a33fa53f02583aea1bd598584a024d09cfc5c6ca21d42288
-
SSDEEP
24576:jRa8fXfwkros1tJ8QD0RywEiE1g5sIgihnL08n:9ZXos3JFoTEiFgiG8
Malware Config
Signatures
Processes
-
/usr/sbin/spctl | /usr/sbin/spctl --status | 1⤵ | PID:493
-
/bin/sh | sh -c "sudo /bin/zsh -c \"/Users/run/hello.exe\"" | 1⤵ | PID:494
-
/bin/bash | sh -c "sudo /bin/zsh -c \"/Users/run/hello.exe\"" | 1⤵ | PID:494
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/hello.exe\""1⤵PID:494
-
/usr/bin/sudo | sudo /bin/zsh -c /Users/run/hello.exe | 1⤵ | PID:494
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/hello.exe1⤵PID:494
-
/bin/zsh | /bin/zsh -c /Users/run/hello.exe | 2⤵ | PID:507
-
-
/bin/zsh/bin/zsh -c /Users/run/hello.exe2⤵PID:507
-
-
/Users/run/hello.exe | /Users/run/hello.exe | 2⤵ | PID:507
-
-
/Users/run/hello.exe/Users/run/hello.exe2⤵PID:507
-
-
/usr/sbin/spctl | /usr/sbin/spctl --test-devid-status | 1⤵ | PID:508
-
/usr/bin/syslog | /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled" | 1⤵ | PID:509
-
/bin/ls | ls | 1⤵ | PID:522
-
/bin/lsls1⤵PID:522
-
./hello.exe | ./hello.exe | 1⤵ | PID:523
-
./hello.exe./hello.exe1⤵PID:523
-
/bin/bash | bash hello.exe | 1⤵ | PID:525
-
/bin/bashbash hello.exe1⤵PID:525
-
/usr/bin/uname | uname -m | 2⤵ | PID:526
-
-
/usr/bin/unameuname -m2⤵PID:526
-
-
/bin/mkdir | mkdir -p /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/ | 2⤵ | PID:528
-
-
/bin/mkdirmkdir -p /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/2⤵PID:528
-
-
/bin/dd | dd "if=" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525" "skip=146" "count=128" "bs=64" | 2⤵ | PID:529
-
-
/bin/dddd "if=" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525" "skip=146" "count=128" "bs=64"2⤵PID:529
-
-
/bin/dd | dd "if=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525" "skip=6" "count=10" "bs=64" "conv=notrunc" | 2⤵ | PID:530
-
-
/bin/dddd "if=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525" "skip=6" "count=10" "bs=64" "conv=notrunc"2⤵PID:530
-
-
/bin/chmod | chmod 755 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525 | 2⤵ | PID:531
-
-
/bin/chmodchmod 755 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.5252⤵PID:531
-
-
/bin/mv | mv -f /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape | 2⤵ | PID:532
-
-
/bin/mvmv -f /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.525 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape2⤵PID:532
-
-
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape | /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape | 1⤵ | PID:525
-
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape1⤵PID:525
-
/bin/sh | sh hello.exe | 1⤵ | PID:533
-
/bin/shsh hello.exe1⤵PID:533
-
/bin/bash | sh hello.exe | 1⤵ | PID:533
-
/bin/bashsh hello.exe1⤵PID:533
-
/usr/bin/uname | uname -m | 2⤵ | PID:534
-
-
/usr/bin/unameuname -m2⤵PID:534
-
-
/bin/mkdir | mkdir -p /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/ | 2⤵ | PID:536
-
-
/bin/mkdirmkdir -p /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/2⤵PID:536
-
-
/bin/dd | dd "if=" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533" "skip=146" "count=128" "bs=64" | 2⤵ | PID:537
-
-
/bin/dddd "if=" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533" "skip=146" "count=128" "bs=64"2⤵PID:537
-
-
/bin/dd | dd "if=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533" "skip=6" "count=10" "bs=64" "conv=notrunc" | 2⤵ | PID:538
-
-
/bin/dddd "if=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533" "of=/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533" "skip=6" "count=10" "bs=64" "conv=notrunc"2⤵PID:538
-
-
/bin/chmod | chmod 755 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533 | 2⤵ | PID:539
-
-
/bin/chmodchmod 755 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.5332⤵PID:539
-
-
/bin/mv | mv -f /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape | 2⤵ | PID:540
-
-
/bin/mvmv -f /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape.533 /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape2⤵PID:540
-
-
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape | /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape | 1⤵ | PID:533
-
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T//.ape1⤵PID:533
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
357B
MD5 661f0550ce9a193ecf52d30816560e1c
SHA1 a236914b26f6b3c217be1ae9e35b4c7a2f342925
SHA256 eecd6d04d645742efa80244b0ee058738c1da011ee8fa7a16f158936a7418daf
SHA512 64515e66fe064904437bfc8d1b0cfca2ca4cd0b583f019c9fe562113bb80d475e8f82bc41ec4970f41bb2e4e36ad64f5cdf8bf4ba88fcb1522136f2d0ec4f111
-
Filesize
357B
MD5 661f0550ce9a193ecf52d30816560e1c
SHA1 a236914b26f6b3c217be1ae9e35b4c7a2f342925
SHA256 eecd6d04d645742efa80244b0ee058738c1da011ee8fa7a16f158936a7418daf
SHA512 64515e66fe064904437bfc8d1b0cfca2ca4cd0b583f019c9fe562113bb80d475e8f82bc41ec4970f41bb2e4e36ad64f5cdf8bf4ba88fcb1522136f2d0ec4f111