Malware Analysis Report

2025-08-05 22:49

Sample ID: 230924-3nxa7aac6s
Target: dosia.zip
SHA256: 657fd01e5e3c8f95148e359decb60b45cd62c65d4a788d6de16d41392bf5ef03
Tags: none
Score: 3/10

Analysis Overview

Score: 3/10

SHA256: 657fd01e5e3c8f95148e359decb60b45cd62c65d4a788d6de16d41392bf5ef03

Threat Level: Likely benign

The file dosia.zip was found to be: Likely benign.

Malicious Activity Summary

Enumerates kernel/hardware configuration (behavioral3, behavioral4)

Reads runtime system information (behavioral3)

Unsigned PE (static1)

Reading the results

The archive went through one static pass and ten detonations. The command lines show it carries one build per platform: d_lin_arm and d_lin_x64 (Linux), d_mac_x64 and d_mac_arm64 (macOS) and d_win_x64.exe (Windows); behavioral1 and behavioral2 only opened the zip itself in Explorer. Before accepting the 3/10, a reviewer should weigh the following.

The two Linux signatures are single file reads of /sys/kernel/mm/transparent_hugepage/hpage_pmd_size and /proc/self/auxv. Both are the kind of read a language runtime performs at start-up (the Go runtime, for example, reads hpage_pmd_size to learn the huge-page size), so they say more about the toolchain than about intent.

On macOS (behavioral6) nearly every process recorded after d_mac_x64 belongs to the Google Keystone updater installing Chrome 116.0.5845.110: rsync into /Applications/Google Chrome.app, defaults read of the bundle's Info.plist, ksadmin --register, chown root:wheel, chmod, xattr -d -r com.apple.quarantine on the Chrome bundle, then hdiutil detach. Seen in isolation the quarantine removal and ownership change look like tampering; here they are the updater's normal install sequence running inside the image, and the report records no process ancestry that ties them to the sample.

The Windows runs behavioral7 (win7) and behavioral8 (win10) logged 0-1s of kernel time and no process at all, so the sample did not execute there. behavioral9 and behavioral10 ran d_win_x64.exe for 117s and 258s with no signature, file or network activity attributable to it.

Network activity consists of resolver queries to 8.8.8.8 for Apple push (courier-push-apple.com), Akamai, Google PKI, Bing thumbnails and reverse (in-addr.arpa) lookups, all typical of these images, plus a few bare-IP TLS connections (20.189.173.1:443, 17.248.236.68:443, 142.251.39.110:443, 20.42.65.88:443, 20.82.228.9:443) for which no domain and no owning process is recorded.

None of the listed file writes are under the sample's own path; the macOS entries are Keystone's TicketStore and the Security framework's MDS cache databases (mdsObject.db, mdsDirectory.db).

"Likely benign" is therefore a statement about the absence of observed behaviour in these sandboxes, not a proof. The two items worth following up are the unsigned Windows build (check whether any signature is attached and, if so, whether it validates) and the unattributed TLS endpoints (compare them against the sandbox's own traffic baseline).
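The network tables in this report mix resolver queries, reverse lookups and platform telemetry with a handful of bare-IP connections that have no domain. The Python below is an added triage helper, not part of the sandbox's tooling or of this report: it parses rows in the report's "Country Destination Domain Proto" layout (including the three-field rows where Domain is empty) and returns only the destinations an analyst still has to account for. The background-suffix list is an assumption tuned to the macOS and Windows images used here, and the sample rows are copied from the tables in this report.

```python
"""Added triage helper: split a sandbox 'Network' table into background
noise and destinations that still need an analyst's attention.

Rows follow the report layout 'Country Destination Domain Proto'; when
the sandbox recorded no domain the row has only three fields."""
import ipaddress
from collections import defaultdict, namedtuple

Row = namedtuple("Row", "country dest domain proto")

# Assumption: names the macOS/Windows sandbox images contact on their own
# (Apple push, Akamai, Google PKI, Bing thumbnails, Windows telemetry).
# Tune this per sandbox baseline; it is not a general allowlist.
BACKGROUND_SUFFIXES = (
    ".push.apple.com",
    ".courier-push-apple.com.akadns.net",
    ".akamaiedge.net",
    "cds.apple.com",
    "help.apple.com",
    "pki-goog.l.google.com",
    "tse1.mm.bing.net",
    "mobile.events.data.trafficmanager.net",
)

# Constructed sample: rows copied from the behavioral6, behavioral8 and
# behavioral10 tables of this report.
SAMPLE_ROWS = [
    "US 20.189.173.1:443 tcp",
    "US 8.8.8.8:53 34-courier.push.apple.com udp",
    "US 17.248.236.68:443 tcp",
    "US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp",
    "NL 142.251.39.110:443 tcp",
    "NL 142.251.36.35:80 pki-goog.l.google.com tcp",
    "N/A 224.0.0.251:5353 udp",
    "US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp",
    "US 20.42.65.88:443 tcp",
    "US 17.57.146.40:5223 31-courier.push.apple.com tcp",
    "N/A 20.82.228.9:443 tcp",
    "US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp",
    "US 204.79.197.200:443 tse1.mm.bing.net tcp",
]


def parse_row(line):
    """Parse one table row; a 3-field row means the Domain column was empty."""
    parts = line.split()
    if len(parts) == 4:
        return Row(*parts)
    if len(parts) == 3:
        country, dest, proto = parts
        return Row(country, dest, "", proto)
    raise ValueError("unexpected row layout: %r" % line)


def classify(row):
    """Return one of: reverse-dns, background, multicast, dns-query, review."""
    host, sep, port = row.dest.rpartition(":")
    if not sep:
        host, port = row.dest, ""
    if row.domain.endswith(".in-addr.arpa"):
        return "reverse-dns"          # OS reverse lookups of its own peers
    if any(row.domain.endswith(s) for s in BACKGROUND_SUFFIXES):
        return "background"           # known image/telemetry traffic
    if ipaddress.ip_address(host).is_multicast:
        return "multicast"            # mDNS/Bonjour chatter on 224.0.0.251
    if port == "53" and row.proto == "udp":
        return "dns-query"            # a name the allowlist does not cover
    return "review"                   # direct connection with no attribution


def triage(lines):
    """Group unique (destination, domain) pairs by category."""
    groups = defaultdict(set)
    for line in lines:
        row = parse_row(line)
        groups[classify(row)].add((row.dest, row.domain))
    return {k: sorted(v) for k, v in groups.items()}


def needs_review(lines):
    """Destinations the report gives no domain or owning process for."""
    return sorted(dest for dest, _ in triage(lines).get("review", []))


if __name__ == "__main__":
    for category, items in triage(SAMPLE_ROWS).items():
        print(category, len(items))
    print("review:", needs_review(SAMPLE_ROWS))
```

Run against the rows above, the only entries left in "review" are the five bare-IP TLS connections; everything else is resolver traffic for names on the baseline, reverse lookups, or mDNS. A "dns-query" result (a looked-up name that is not on the baseline) is the category to read first when it appears, because it is the one place a beacon's hostname would surface.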

MITRE ATT&CK

No techniques mapped (Enterprise Matrix V15).

Analysis: static1

Detonation Overview

Reported

2023-09-24 23:40

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A
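The "Unsigned PE" finding only says that the Windows build carries no Authenticode signature. The Python below is an added example, not the sandbox's own check, that inventories an archive like dosia.zip: it identifies each member's format by magic bytes, hashes it, and for PE members reads the security data directory (entry 4 of the optional header's data directories) to report whether a signature blob is attached at all. The archive it builds is constructed in-line from stub headers that only mimic the file types and member names seen in this report's command lines (the bytes are synthetic, so the hashes are not those of the real sample).

```python
"""Added example: inventory an archive's members by format and hash, and
check PE members for an Authenticode signature blob (the condition the
report's 'Unsigned PE' signature reports on)."""
import hashlib
import io
import struct
import zipfile

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the certificate table


def platform_of(data):
    """Classify a file by its magic bytes."""
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] in (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
                    b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe"):
        return "mach-o"
    if data[:4] == b"\xca\xfe\xba\xbe":
        return "mach-o-fat"
    if data[:2] == b"MZ":
        return "pe"
    return "unknown"


def pe_has_authenticode(data):
    """True when the security data directory points at a WIN_CERTIFICATE.

    This only says a signature blob is attached; validating it (chain,
    timestamp, image hash) needs signtool/osslsigncode and is out of scope."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 4 + 20                     # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                          # PE32+ (64-bit)
        n_dirs_off, dir_base = opt + 108, opt + 112
    elif magic == 0x10B:                        # PE32
        n_dirs_off, dir_base = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    offset, size = struct.unpack_from(
        "<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # The certificate table entry holds a file offset (not an RVA) and a size.
    return offset != 0 and size != 0 and offset + size <= len(data)


def inventory(zip_bytes):
    """Return one record per archive member: name, sha256, format, signed?"""
    records = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            kind = platform_of(data)
            records.append({
                "name": info.filename,
                "sha256": hashlib.sha256(data).hexdigest(),
                "kind": kind,
                "authenticode": pe_has_authenticode(data) if kind == "pe" else None,
            })
    return records


def fake_pe(signed):
    """Constructed minimal PE32+ header (not a runnable image) for testing."""
    hdr = bytearray(0x40 + 4 + 20 + 240)        # DOS hdr, 'PE\0\0', COFF, optional
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)     # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44, 0x8664)   # Machine: AMD64
    struct.pack_into("<H", hdr, 0x44 + 16, 240) # SizeOfOptionalHeader
    opt = 0x40 + 4 + 20
    struct.pack_into("<H", hdr, opt, 0x20B)     # PE32+ magic
    struct.pack_into("<I", hdr, opt + 108, 16)  # NumberOfRvaAndSizes
    if signed:
        blob = b"\0" * 8                        # stand-in for a WIN_CERTIFICATE
        struct.pack_into("<II", hdr, opt + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         len(hdr), len(blob))
        hdr += blob
    return bytes(hdr)


def build_sample_zip():
    """Constructed archive: member names mirror this report's command lines,
    contents are synthetic stubs, so hashes do not match the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("d_lin_x64", b"\x7fELF" + b"\0" * 60)
        zf.writestr("d_mac_arm64", b"\xcf\xfa\xed\xfe" + b"\0" * 60)
        zf.writestr("d_win_x64.exe", fake_pe(signed=False))
    return buf.getvalue()


if __name__ == "__main__":
    for rec in inventory(build_sample_zip()):
        print(rec["name"], rec["kind"], rec["authenticode"], rec["sha256"][:16])
```

A present certificate table is necessary but not sufficient: an attacker can attach a blob that does not validate, or a signature over a different image, so a True result should be followed by a real verification with signtool or osslsigncode before it is treated as trust evidence. The per-member hashes are what you would pivot on to find prior submissions of the individual builds rather than of the zip.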

Analysis: behavioral3

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

debian9-armhf-20230831-en

Max time kernel

11s

Max time network

221s

Command Line

[/tmp/d_lin_arm]

Signatures

Enumerates kernel/hardware configuration

Description: File opened for reading
Indicator: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
Process: /tmp/d_lin_arm
Target: N/A

Reads runtime system information

Description: File opened for reading
Indicator: /proc/self/auxv
Process: /tmp/d_lin_arm
Target: N/A

Processes

/tmp/d_lin_arm

[/tmp/d_lin_arm]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

macos-20230831-en

Max time kernel

292s

Max time network

306s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_x64"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_x64"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_x64"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_x64"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/d_mac_x64]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/d_mac_x64]

/bin/zsh

[/bin/zsh -c /Users/run/d_mac_x64]

/bin/zsh

[/bin/zsh -c /Users/run/d_mac_x64]

/Users/run/d_mac_x64

[/Users/run/d_mac_x64]

/Users/run/d_mac_x64

[/Users/run/d_mac_x64]

/usr/bin/rsync

[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.a0jkzsfSB0/m/Google Chrome.app/ /Applications/Google Chrome.app]

/usr/bin/rsync

[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.a0jkzsfSB0/m/Google Chrome.app/ /Applications/Google Chrome.app]

/bin/rm

[rm -f /Applications/Google Chrome.app/.want_full_installer]

/bin/rm

[rm -f /Applications/Google Chrome.app/.want_full_installer]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister

[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister

[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin

[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin

[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]

/bin/ps

[ps -ewwo comm=]

/bin/ps

[ps -ewwo comm=]

/usr/bin/grep

[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]

/usr/bin/grep

[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]

/usr/bin/cut

[cut -c 1-108]

/usr/bin/cut

[cut -c 1-108]

/usr/sbin/lsof

[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]

/usr/sbin/lsof

[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]

/bin/rm

[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]

/bin/rm

[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]

/usr/sbin/chown

[chown -Rh root:wheel /Applications/Google Chrome.app]

/usr/sbin/chown

[chown -Rh root:wheel /Applications/Google Chrome.app]

/bin/chmod

[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]

/bin/chmod

[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]

/usr/bin/find

[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]

/usr/bin/find

[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/bin/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/bin/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/usr/bin/xattr

[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]

/usr/bin/xattr

[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]

/usr/bin/hdiutil

[/usr/bin/hdiutil detach /tmp/KSInstallAction.a0jkzsfSB0/m]

/sbin/umount

[/sbin/umount /private/tmp/KSInstallAction.a0jkzsfSB0/m]

/sbin/umount

[/sbin/umount /private/tmp/KSInstallAction.a0jkzsfSB0/m]

/sbin/mount_msdos

[/sbin/mount_msdos -o perm -o nobrowse /dev/disk1s1 /Volumes/firmwaresyncd.RCDEkV]

/sbin/kextload

[/sbin/kextload /System/Library/Extensions/msdosfs.kext]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash.Root]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoteagent]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 488]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PerfPowerServices]

/usr/libexec/PerfPowerServices

[/usr/libexec/PerfPowerServices]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PressAndHold 379]

/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension

[/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension]

Network

Country  Destination          Domain                                   Proto
US       20.189.173.1:443     -                                        tcp
US       8.8.8.8:53           34-courier.push.apple.com                udp
US       8.8.8.8:53           43.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           42.courier-push-apple.com.akadns.net     udp
US       17.248.236.68:443    -                                        tcp
US       8.8.8.8:53           e4686.dsce9.akamaiedge.net               udp
US       8.8.8.8:53           39.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           49.courier-push-apple.com.akadns.net     udp
NL       142.251.39.110:443   -                                        tcp
US       8.8.8.8:53           pki-goog.l.google.com                    udp
NL       142.251.36.35:80     pki-goog.l.google.com                    tcp
NL       142.251.36.35:80     pki-goog.l.google.com                    tcp
US       8.8.8.8:53           e673.dsce9.akamaiedge.net                udp
US       8.8.8.8:53           38.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           15.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           29.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           16.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           29.courier-push-apple.com.akadns.net     udp
N/A      224.0.0.251:5353     -                                        udp
US       8.8.8.8:53           8-courier.push.apple.com                 udp
US       8.8.8.8:53           e4686.dsce9.akamaiedge.net               udp
US       8.8.8.8:53           20-courier.push.apple.com                udp
US       8.8.8.8:53           25.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           36-courier.push.apple.com                udp
US       8.8.8.8:53           41-courier.push.apple.com                udp
US       8.8.8.8:53           7.courier-push-apple.com.akadns.net      udp
US       8.8.8.8:53           cds.apple.com                            udp
DE       17.253.79.202:443    cds.apple.com                            tcp
US       8.8.8.8:53           help.apple.com                           udp
GB       23.44.233.108:443    help.apple.com                           tcp
GB       23.44.233.108:443    help.apple.com                           tcp
US       8.8.8.8:53           22-courier.push.apple.com                udp
US       8.8.8.8:53           26.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           2.courier-push-apple.com.akadns.net      udp
US       8.8.8.8:53           9.courier-push-apple.com.akadns.net      udp
US       8.8.8.8:53           16.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           10-courier.push.apple.com                udp
US       8.8.8.8:53           mobile.events.data.trafficmanager.net    udp
US       20.42.65.88:443      -                                        tcp
US       8.8.8.8:53           35.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           2.courier-push-apple.com.akadns.net      udp
US       8.8.8.8:53           31-courier.push.apple.com                udp
US       8.8.8.8:53           16.courier-push-apple.com.akadns.net     udp
US       17.57.146.40:5223    31-courier.push.apple.com                tcp
US       17.57.146.43:5223    31-courier.push.apple.com                tcp
US       8.8.8.8:53           26.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           20.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           22.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           36.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           44.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           14-courier.push.apple.com                udp
US       8.8.8.8:53           38.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           42.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           33.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           43.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           22.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           38.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           32.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           20.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           31.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           34.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           32.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           38.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           16.courier-push-apple.com.akadns.net     udp
US       8.8.8.8:53           7.courier-push-apple.com.akadns.net      udp
US       8.8.8.8:53           15-courier.push.apple.com                udp

(Domain is "-" where the sandbox recorded a connection without a resolved name.)

Files

/Library/Google/GoogleSoftwareUpdate/TicketStore/.dat.nosync02c0.DUBqG0

MD5 89b8d39274ab843763802b1bab057355
SHA1 ecbd29c0aecef8dde1d3c63d24fcf0c52ada6f4b
SHA256 ce282b49b174defe931185ce29d236a9a9abcd635591e9b190287aa58ae18a49
SHA512 6e2ed7f0a1111dd6d80e0a7c770e7d187e607ee04108d057e45e1fbaf9f361f6f03cc13a04fa193e8044745ce4c3ddba8a27a9345419de2f3aca4a84f0f4d6cb

Analysis: behavioral7

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:41

Platform

win7-20230831-en

Max time kernel

1s

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

win7-20230831-en

Max time kernel

117s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe

"C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe"

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

win7-20230831-en

Max time kernel

119s

Max time network

123s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\dosia.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\dosia.zip

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Max time network

304s

Command Line

[/tmp/d_lin_x64]

Signatures

Enumerates kernel/hardware configuration

Description: File opened for reading
Indicator: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
Process: /tmp/d_lin_x64
Target: N/A

Processes

/tmp/d_lin_x64

[/tmp/d_lin_x64]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

macos-20230831-en

Max time kernel

72s

Max time network

302s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_arm64"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_arm64"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_arm64"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/d_mac_arm64"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/d_mac_arm64]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/d_mac_arm64]

/bin/zsh

[/bin/zsh -c /Users/run/d_mac_arm64]

/bin/zsh

[/bin/zsh -c /Users/run/d_mac_arm64]

/Users/run/d_mac_arm64

[/Users/run/d_mac_arm64]

/Users/run/d_mac_arm64

[/Users/run/d_mac_arm64]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp

Files

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/.dat.nosync0227.5yOT86

MD5 b7062c78ee363dc0ffc2cadaa214cf0e
SHA1 65865558ef4d9f6f06cc937fbc636531ff4e15b6
SHA256 cf35665cbf62e6abd2b3a0aa610fc1c1c625ecc830fa16e15a8904530cf959f6
SHA512 ccca91452c4f6e1323dcc714da91afada61e726687f037d5c973ee754eef6a0e48304664b867c156fce5ae009c625dd0ed6b9eca4965ead64ebf4b337d8f35f3

Analysis: behavioral8

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:41

Platform

win10v2004-20230915-en

Max time kernel

0s

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain                                   Proto
N/A      20.82.228.9:443      -                                        tcp

(Domain is "-" where the sandbox recorded a connection without a resolved name; no process was recorded in this run, so the connection cannot be attributed to the sample.)

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

win10v2004-20230915-en

Max time kernel

258s

Max time network

264s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe

"C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 142.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-24 23:40

Reported

2023-09-24 23:46

Platform

win10v2004-20230915-en

Max time kernel

271s

Max time network

295s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\dosia.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\dosia.zip

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 38.148.119.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A