Resubmissions

30/08/2023, 12:48

230830-p1slwaee9w 3

30/08/2023, 12:47

230830-p1by5aee9t 3

Analysis

  • max time kernel
    128s
  • max time network
    126s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20220504-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    30/08/2023, 12:48

General

  • Target

    sample_dummy.exe

  • Size

    2.8MB

  • MD5

    03e2a1d4b30c602ed907d0d41f468455

  • SHA1

    ad2337f88ab795f1baa47bb600fa9e25f9ef6e94

  • SHA256

    6ef07c84be5437543a8652b957c319d0c3c7afbd12739ae07cea53d2629215c9

  • SHA512

    d938389cdd1395e8d1bfd225f69c42d6000eae89f5e9bb42ddb4968ed45422fba0f62c5a8eb92db26980229ce6f0c53d63a16b1ce8c656fc142df6a5a2656da0

  • SSDEEP

    24576:dfHRL5vdCd72NBS+up63HVNkf1pJc0zJez+0+Ec0xMk58UsU3AoJ3WNrM+Wt5:dpLxdCd7CQf1pS0IL3WNrM+Wt5

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --status
    1⤵
      PID:500
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/sample_dummy.exe\""
    1⤵
      PID:502
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/sample_dummy.exe\""
    1⤵
      PID:502
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/sample_dummy.exe
    1⤵
      PID:502
    • /bin/zsh
      /bin/zsh -c /Users/run/sample_dummy.exe
      2⤵
        PID:505
    • /Users/run/sample_dummy.exe
      /Users/run/sample_dummy.exe
      2⤵
        PID:505
  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:503
  • /usr/bin/syslog
    /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
    1⤵
      PID:504
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.tailspind
    1⤵
      PID:519
  • /usr/libexec/tailspind
    /usr/libexec/tailspind
    1⤵
      PID:519
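
The process list above shows one PID under several images (PID 502 as /bin/sh, then /bin/bash, then /usr/bin/sudo; PID 505 as /bin/zsh and then the sample itself). That is how a process that replaces its image with execve renders in this kind of listing, and it is the detail that matters when reading the 1/10 score: the sample was started by `sudo /bin/zsh -c ...`, i.e. with root by the launch command the report records, not through anything the sample did. The Python below is an added example, not tria.ge's own code or export format. It parses records in the page's four-line layout (bullet with image path, command line, "N⤵" depth marker, "PID:N"), collapses them into per-PID exec chains, derives parents from the depth markers, and flags which PIDs ran under sudo. The embedded excerpt is constructed from the report above; the record layout it assumes is this page's rendering, not a documented tria.ge interface.

```python
"""Recover per-PID exec chains from a tria.ge-style macOS process listing.
Added example, not tria.ge code. A PID listed under several images is one
process that replaced itself with execve; grouping by PID gives the chain."""
import re
from collections import OrderedDict

# Constructed excerpt copied in the layout of the report above.
REPORT = r"""
• /usr/sbin/spctl
  /usr/sbin/spctl --status
  1⤵
    PID:500
• /bin/sh
  sh -c "sudo /bin/zsh -c \"/Users/run/sample_dummy.exe\""
  1⤵
    PID:502
• /bin/bash
  sh -c "sudo /bin/zsh -c \"/Users/run/sample_dummy.exe\""
  1⤵
    PID:502
• /usr/bin/sudo
  sudo /bin/zsh -c /Users/run/sample_dummy.exe
  1⤵
    PID:502
• /bin/zsh
  /bin/zsh -c /Users/run/sample_dummy.exe
  2⤵
    PID:505
• /Users/run/sample_dummy.exe
  /Users/run/sample_dummy.exe
  2⤵
    PID:505
• /usr/sbin/spctl
  /usr/sbin/spctl --test-devid-status
  1⤵
    PID:503
"""

DEPTH_RE, PID_RE = re.compile(r"^(\d+)⤵$"), re.compile(r"^PID:(\d+)$")


def parse_records(text):
    """Return [{image, cmdline, depth, pid}, ...] in page order."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = []
    for i in range(0, len(lines), 4):  # one record = four non-empty lines
        head, cmdline, depth_ln, pid_ln = lines[i:i + 4]
        m_depth, m_pid = DEPTH_RE.match(depth_ln), PID_RE.match(pid_ln)
        if not head.startswith("•") or not (m_depth and m_pid):
            raise ValueError("malformed record at: %r" % head)
        records.append({"image": head[1:].strip(), "cmdline": cmdline,
                        "depth": int(m_depth.group(1)), "pid": int(m_pid.group(1))})
    return records


def exec_chains(records):
    """Images per PID in order of appearance. execve keeps the PID, so this is
    the process's exec chain; an image repeated back-to-back for one PID (the
    rendered page lists some entries twice) is collapsed to one."""
    chains = OrderedDict()
    for r in records:
        chain = chains.setdefault(r["pid"], [])
        if not chain or chain[-1] != r["image"]:
            chain.append(r["image"])
    return chains


def parent_pids(records):
    """Parent of each PID from the depth markers: a record at depth d is a
    child of the most recent record at depth d-1; depth-1 records get None."""
    parents, last_at_depth = {}, {}
    for r in records:
        parents.setdefault(r["pid"], last_at_depth.get(r["depth"] - 1))
        last_at_depth[r["depth"]] = r["pid"]
    return parents


def ran_under_sudo(records):
    """PIDs whose chain passed through /usr/bin/sudo, plus their descendants.
    sudo only runs its command after authorising it, so a child of sudo was
    started with the privileges sudo granted (root unless -u was given)."""
    chains, parents = exec_chains(records), parent_pids(records)
    sudo_pids = {pid for pid, chain in chains.items() if "/usr/bin/sudo" in chain}
    flagged = set()
    for pid in chains:
        p = pid
        while p is not None:
            if p in sudo_pids:
                flagged.add(pid)
                break
            p = parents.get(p)
    return flagged


def gatekeeper_queries(records):
    """Argument lists of every spctl call (the report pairs --status and
    --test-devid-status with a syslog line recording the Gatekeeper state)."""
    return [r["cmdline"].split()[1:] for r in records if r["image"] == "/usr/sbin/spctl"]


if __name__ == "__main__":
    recs = parse_records(REPORT)
    for pid, chain in exec_chains(recs).items():
        print(pid, " -> ".join(chain))
    print("ran under sudo:", sorted(ran_under_sudo(recs)), "spctl:", gatekeeper_queries(recs))
```

Run as a script it prints 502 as sh -> bash -> sudo and 505 as zsh -> sample_dummy.exe, with 502 and 505 flagged as running under sudo and the two spctl queries listed. Parent derivation relies only on the depth markers, so it works on any listing in this layout, but it will mis-assign parents if a page is extracted with the markers stripped; in that case fall back to the command lines, which here also encode the chain.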

Network

MITRE ATT&CK Matrix
