Overview

overview

7

Static

static

1

dezz.rtf

windows10-1703-x64

1

dezz.rtf

windows10-2004-x64

7

dezz.rtf

macos-10.15-amd64

1

Resubmissions

26/04/2023, 21:52

230426-1q5n8sdh2t 8

26/04/2023, 21:16

230426-z4gnwsdg2s 8

26/04/2023, 20:50

230426-zmt8nabg75 7

26/04/2023, 20:46

230426-zkfx9adf3v 7

26/04/2023, 04:32

230426-e6exvsfb23 6

26/04/2023, 04:29

230426-e4kekafa92 6

Analysis

  • max time kernel
    148s
  • max time network
    141s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    26/04/2023, 20:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dezz.rtf

  • Size

    365B

  • MD5

    21579951a326c9dc08a51fe364344914

  • SHA1

    7981c5d563ef63956259016174fb5f023e0d8604

  • SHA256

    73bf12bc7899244509130edfd84c146d3b0f77a69550ef4ff34d6f51966f79d3

  • SHA512

    db2bb92685631ed125a7ace9795e346b52c72bec778716d8dbaa4f1f39011f79eebe9497393fde7b2eb7a5321534bde7a88164dc6ca6de3ecf889c3367f74fee

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:495
    • /usr/bin/syslog
      /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
      1⤵
        PID:496
      • /bin/sh
        sh -c "sudo /bin/zsh -c \"/Users/run/dezz.rtf\""
        1⤵
          PID:498
        • /bin/bash
          sh -c "sudo /bin/zsh -c \"/Users/run/dezz.rtf\""
          1⤵
            PID:498
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Users/run/dezz.rtf\""
            1⤵
              PID:498
            • /usr/bin/sudo
              sudo /bin/zsh -c /Users/run/dezz.rtf
              1⤵
                PID:498
              • /usr/bin/sudo
                sudo /bin/zsh -c /Users/run/dezz.rtf
                1⤵
                  PID:498
                  • /bin/zsh
                    /bin/zsh -c /Users/run/dezz.rtf
                    2⤵
                      PID:513
                    • /bin/zsh
                      /bin/zsh -c /Users/run/dezz.rtf
                      2⤵
                        PID:513
                      • /Users/run/dezz.rtf
                        /Users/run/dezz.rtf
                        2⤵
                          PID:513
                        • /Users/run/dezz.rtf
                          /Users/run/dezz.rtf
                          2⤵
                            PID:513
                          • /bin/sh
                            sh /Users/run/dezz.rtf
                            2⤵
                              PID:513
                            • /bin/sh
                              sh /Users/run/dezz.rtf
                              2⤵
                                PID:513
                              • /bin/bash
                                sh /Users/run/dezz.rtf
                                2⤵
                                  PID:513
                                • /bin/bash
                                  sh /Users/run/dezz.rtf
                                  2⤵
                                    PID:513

                                Network

                                MITRE ATT&CK Matrix

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads