Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
131s -
max time network
127s -
platform
macos_amd64 -
resource
macos-20220504-en -
resource tags
-
submitted
15/08/2023, 22:38
General
-
Target
BadWin.xfl
-
Size
9B
-
MD5
e25cd3a43fe4cc8ef81230d136814570
-
SHA1
7ffe91cfe0acb42e00d7fa05585c553b9f6bf3e7
-
SHA256
29ac2e403620428ee4130686b456aefb0cc6d45e3be6e9c3191af906c1301f38
-
SHA512
f218c49b71da48c0e6f0794dcb3176626f91e931a1505878dd38ad27d66c0271d0cbf6ac227dcdce48849cfb787b8f04c13bf96625c41ab7baa4c655bf87fe73
Score
1/10
Malware Config
Signatures
Processes
-
/usr/sbin/spctl/usr/sbin/spctl --status1⤵
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/BadWin.xfl\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/BadWin.xfl\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/BadWin.xfl\""1⤵
-
/usr/sbin/spctl/usr/sbin/spctl --test-devid-status1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/BadWin.xfl1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/BadWin.xfl1⤵
-
/bin/zsh/bin/zsh -c /Users/run/BadWin.xfl2⤵
-
-
/bin/zsh/bin/zsh -c /Users/run/BadWin.xfl2⤵
-
-
/Users/run/BadWin.xfl/Users/run/BadWin.xfl2⤵
-
-
/Users/run/BadWin.xfl/Users/run/BadWin.xfl2⤵
-
-
/bin/shsh /Users/run/BadWin.xfl2⤵
-
-
/bin/shsh /Users/run/BadWin.xfl2⤵
-
-
/bin/bashsh /Users/run/BadWin.xfl2⤵
-
-
/bin/bashsh /Users/run/BadWin.xfl2⤵
-
-
/usr/bin/syslog/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.tailspind1⤵
-
/usr/libexec/tailspind/usr/libexec/tailspind1⤵