Analysis Overview
SHA256
da508f5e7ea0a1724a25f5fe447dd043752fbbfdcece88f507278e9c71ba7821
Threat Level: Known bad
The file RobloxUWP2597.663cerealwithmilkMsixbundle.exe.exe was found to be: Known bad.
Malicious Activity Summary
Detect Pysilon
Pysilon family
Detects Pyinstaller
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-10-22 17:12
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-22 17:12
Reported
2023-10-22 17:14
Platform
macos-20220504-en
Max time kernel
82s
Max time network
99s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]
/bin/zsh
[/bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]
/bin/zsh
[/bin/zsh -c /Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]
/usr/sbin/spctl
[/usr/sbin/spctl --status]
/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe
[/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]
/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe
[/Users/run/RobloxUWP2597.663cerealwithmilkMsixbundle.exe]
/usr/sbin/spctl
[/usr/sbin/spctl --test-devid-status]
/usr/bin/syslog
[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerformanceAnalysis.animationperfd]
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 11.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 2.16.118.172:443 | | tcp |
| US | 8.8.8.8:53 | 17.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | itunes.apple.com | udp |