Analysis Overview
SHA256
657fd01e5e3c8f95148e359decb60b45cd62c65d4a788d6de16d41392bf5ef03
Threat Level: Likely benign
The file dosia.zip was found to be: Likely benign.
Malicious Activity Summary
Enumerates kernel/hardware configuration
Reads runtime system information
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-24 23:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
debian9-armhf-20230831-en
Max time kernel
11s
Max time network
221s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /tmp/d_lin_arm | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /tmp/d_lin_arm | N/A |
Processes
/tmp/d_lin_arm
[/tmp/d_lin_arm]
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
macos-20230831-en
Max time kernel
292s
Max time network
306s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/d_mac_x64"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/d_mac_x64"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/d_mac_x64"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/d_mac_x64]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/d_mac_x64]
/bin/zsh
[/bin/zsh -c /Users/run/d_mac_x64]
/bin/zsh
[/bin/zsh -c /Users/run/d_mac_x64]
/Users/run/d_mac_x64
[/Users/run/d_mac_x64]
/Users/run/d_mac_x64
[/Users/run/d_mac_x64]
/usr/bin/rsync
[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.a0jkzsfSB0/m/Google Chrome.app/ /Applications/Google Chrome.app]
/usr/bin/rsync
[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.a0jkzsfSB0/m/Google Chrome.app/ /Applications/Google Chrome.app]
/bin/rm
[rm -f /Applications/Google Chrome.app/.want_full_installer]
/bin/rm
[rm -f /Applications/Google Chrome.app/.want_full_installer]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister
[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister
[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]
/bin/ps
[ps -ewwo comm=]
/bin/ps
[ps -ewwo comm=]
/usr/bin/grep
[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]
/usr/bin/grep
[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]
/usr/bin/cut
[cut -c 1-108]
/usr/bin/cut
[cut -c 1-108]
/usr/sbin/lsof
[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]
/usr/sbin/lsof
[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]
/bin/rm
[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]
/bin/rm
[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]
/usr/sbin/chown
[chown -Rh root:wheel /Applications/Google Chrome.app]
/usr/sbin/chown
[chown -Rh root:wheel /Applications/Google Chrome.app]
/bin/chmod
[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]
/bin/chmod
[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]
/usr/bin/find
[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]
/usr/bin/find
[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/bin/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/bin/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/usr/bin/xattr
[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]
/usr/bin/xattr
[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]
/usr/bin/hdiutil
[/usr/bin/hdiutil detach /tmp/KSInstallAction.a0jkzsfSB0/m]
/sbin/umount
[/sbin/umount /private/tmp/KSInstallAction.a0jkzsfSB0/m]
/sbin/umount
[/sbin/umount /private/tmp/KSInstallAction.a0jkzsfSB0/m]
/sbin/mount_msdos
[/sbin/mount_msdos -o perm -o nobrowse /dev/disk1s1 /Volumes/firmwaresyncd.RCDEkV]
/sbin/kextload
[/sbin/kextload /System/Library/Extensions/msdosfs.kext]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash.Root]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mediaremoteagent]
/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent
[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 488]
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerfPowerServices]
/usr/libexec/PerfPowerServices
[/usr/libexec/PerfPowerServices]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PressAndHold 379]
/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension
[/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension]
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.1:443 | tcp | |
| US | 8.8.8.8:53 | 34-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 42.courier-push-apple.com.akadns.net | udp |
| US | 17.248.236.68:443 | tcp | |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 39.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| NL | 142.251.39.110:443 | tcp | |
| US | 8.8.8.8:53 | pki-goog.l.google.com | udp |
| NL | 142.251.36.35:80 | pki-goog.l.google.com | tcp |
| NL | 142.251.36.35:80 | pki-goog.l.google.com | tcp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 15.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 29.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 29.courier-push-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 8-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 20-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 25.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 36-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 41-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 7.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| DE | 17.253.79.202:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.44.233.108:443 | help.apple.com | tcp |
| GB | 23.44.233.108:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 26.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 2.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 9.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 10-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.65.88:443 | tcp | |
| US | 8.8.8.8:53 | 35.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 2.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 31-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| US | 17.57.146.40:5223 | 31-courier.push.apple.com | tcp |
| US | 17.57.146.43:5223 | 31-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | 26.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 22.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 36.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 44.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 42.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 22.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 32.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 31.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 32.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 7.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 15-courier.push.apple.com | udp |
Files
/Library/Google/GoogleSoftwareUpdate/TicketStore/.dat.nosync02c0.DUBqG0
| MD5 | 89b8d39274ab843763802b1bab057355 |
| SHA1 | ecbd29c0aecef8dde1d3c63d24fcf0c52ada6f4b |
| SHA256 | ce282b49b174defe931185ce29d236a9a9abcd635591e9b190287aa58ae18a49 |
| SHA512 | 6e2ed7f0a1111dd6d80e0a7c770e7d187e607ee04108d057e45e1fbaf9f361f6f03cc13a04fa193e8044745ce4c3ddba8a27a9345419de2f3aca4a84f0f4d6cb |
Analysis: behavioral7
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:41
Platform
win7-20230831-en
Max time kernel
1s
Max time network
5s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
win7-20230831-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe
"C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
win7-20230831-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\dosia.zip
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
3s
Max time network
304s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /tmp/d_lin_x64 | N/A |
Processes
/tmp/d_lin_x64
[/tmp/d_lin_x64]
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
macos-20230831-en
Max time kernel
72s
Max time network
302s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/d_mac_arm64"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/d_mac_arm64"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/d_mac_arm64"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/d_mac_arm64]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/d_mac_arm64]
/bin/zsh
[/bin/zsh -c /Users/run/d_mac_arm64]
/bin/zsh
[/bin/zsh -c /Users/run/d_mac_arm64]
/Users/run/d_mac_arm64
[/Users/run/d_mac_arm64]
/Users/run/d_mac_arm64
[/Users/run/d_mac_arm64]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 23.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 9.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 27-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 46.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 15.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 37.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 48-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 26.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 16-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 6.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 5.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 14.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 48.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 39.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 12.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 45.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 8.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 11.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 39.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 26.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 23.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 10-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 21.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 13.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 39.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 41.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 27.courier-push-apple.com.akadns.net | udp |
Files
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Caches/.dat.nosync0227.5yOT86
| MD5 | b7062c78ee363dc0ffc2cadaa214cf0e |
| SHA1 | 65865558ef4d9f6f06cc937fbc636531ff4e15b6 |
| SHA256 | cf35665cbf62e6abd2b3a0aa610fc1c1c625ecc830fa16e15a8904530cf959f6 |
| SHA512 | ccca91452c4f6e1323dcc714da91afada61e726687f037d5c973ee754eef6a0e48304664b867c156fce5ae009c625dd0ed6b9eca4965ead64ebf4b337d8f35f3 |
Analysis: behavioral8
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:41
Platform
win10v2004-20230915-en
Max time kernel
0s
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 20.82.228.9:443 | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
win10v2004-20230915-en
Max time kernel
258s
Max time network
264s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe
"C:\Users\Admin\AppData\Local\Temp\d_win_x64.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-24 23:40
Reported
2023-09-24 23:46
Platform
win10v2004-20230915-en
Max time kernel
271s
Max time network
295s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\dosia.zip
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |