Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
125s -
max time network
144s -
platform
macos-10.15_amd64 -
resource
macos-20231201-en -
resource tags
-
submitted
22/12/2023, 16:29
General
-
Target
f0e77c619ad9642053743594af72ab11
-
Size
533KB
-
MD5
f0e77c619ad9642053743594af72ab11
-
SHA1
52964e7b21a23494895a5411a91ebade507efede
-
SHA256
aa005aa63ee286b8d792a27e48c25bdb821324600bdd1136bf404d5bf304b9d4
-
SHA512
0ad03d21a8b80d35d4a7163d27c080ad4324ea4a8dfd9ea0bb45d4d4f00de8f9e2fa4f0c648f1c4a3432ceaad8a5056e96f99e5b92a7115411ef3ac1d23f60a5
-
SSDEEP
12288:HagDdYVK3wzCscmUUPq2Y3+V9rv1ImCn2/liKj:HagDdYVK3wzcmUUPq2Y3+V9rvfCn2/lZ
Score
8/10
Malware Config
Signatures
-
Identifies devices as anti-VM 1 IoCs
-
Queries the hardware information (I/O Kit registry). 1 TTPs 1 IoCs
Processes
-
/usr/sbin/spctl/usr/sbin/spctl --status1⤵
-
/usr/sbin/spctl/usr/sbin/spctl --test-devid-status1⤵
-
/usr/bin/syslog/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"1⤵
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/f0e77c619ad9642053743594af72ab11\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/f0e77c619ad9642053743594af72ab11\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/f0e77c619ad9642053743594af72ab11\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/f0e77c619ad9642053743594af72ab111⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/f0e77c619ad9642053743594af72ab111⤵
-
/bin/zsh/bin/zsh -c /Users/run/f0e77c619ad9642053743594af72ab112⤵
-
-
/bin/zsh/bin/zsh -c /Users/run/f0e77c619ad9642053743594af72ab112⤵
-
-
/Users/run/f0e77c619ad9642053743594af72ab11/Users/run/f0e77c619ad9642053743594af72ab112⤵
-
-
/Users/run/f0e77c619ad9642053743594af72ab11/Users/run/f0e77c619ad9642053743594af72ab112⤵
-
-
/bin/cat/bin/cat1⤵
-
/bin/bash/bin/bash1⤵
-
/usr/sbin/ioregioreg -rd1 -c IOPlatformExpertDevice2⤵
-
-
/usr/sbin/ioregioreg -rd1 -c IOPlatformExpertDevice2⤵
-
-
/usr/bin/awkawk "/IOPlatformUUID/ { split(\$0, line, \"\\\"\"); printf(\"%s\", line[4]); }"2⤵
-
-
/usr/bin/awkawk "/IOPlatformUUID/ { split(\$0, line, \"\\\"\"); printf(\"%s\", line[4]); }"2⤵
-
-
/bin/cat/bin/cat1⤵
-
/bin/bash/bin/bash1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.systemsoundserverd1⤵
-
/usr/sbin/systemsoundserverd/usr/sbin/systemsoundserverd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.pbs1⤵
-
/System/Library/CoreServices/pbs/System/Library/CoreServices/pbs1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E1⤵
-
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD51c8fffeb7e070eb49921a72321031014
SHA193ccc3609127d47e742fb052f1af58cecbc530a4
SHA2565d98056056bde222323a28a74d8b60b087c278b8d609a0b2bd7a3ead82499e84
SHA512892e60aa598d7079ad7ad39912cb5ac1d6dbca44b07ce1ee04c8655d6554e0f5abb48aa7c1ce1af787b04d195bc6fa4b896b54957802efc0a94e3c026e783d06