Malware Analysis Report

2024-11-30 11:59

Sample ID 231022-vqv7xabd6z
Target RobloxUWP2597.663cerealwithmilkMsixbundle.exe.exe
SHA256 da508f5e7ea0a1724a25f5fe447dd043752fbbfdcece88f507278e9c71ba7821
Tags
pyinstaller pysilon
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

da508f5e7ea0a1724a25f5fe447dd043752fbbfdcece88f507278e9c71ba7821

Threat Level: Known bad

The file RobloxUWP2597.663cerealwithmilkMsixbundle.exe.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon

Detect Pysilon

Pysilon family

Detects Pyinstaller

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-22 17:12

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-22 17:12

Reported

2023-10-22 17:14

Platform

macos-20220504-en

Max time kernel

82s

Max time network

99s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]

/bin/zsh

[/bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]

/bin/zsh

[/bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]

/usr/sbin/spctl

[/usr/sbin/spctl --status]

/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe

[/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]

/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe

[/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]

/usr/sbin/spctl

[/usr/sbin/spctl --test-devid-status]

/usr/bin/syslog

[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PerformanceAnalysis.animationperfd]

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd

[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 2.16.118.172:443 tcp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 itunes.apple.com udp

Files

N/A