9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

test.txt

macos-10.15-amd64

1

Resubmissions

27/12/2023, 08:26

231227-kcc43afbcn 3

25/12/2023, 05:26

231225-f47qjagae7 8

25/12/2023, 05:23

231225-f3jmbaffh9 1

25/12/2023, 02:44

231225-c79shsdhb4 1

25/12/2023, 02:43

231225-c7yp9acegj 1

24/12/2023, 13:06

231224-qcfsvacaar 1

24/12/2023, 13:05

231224-qbs2sacaaq 1

24/12/2023, 09:20

231224-lap7aabehm 3

24/12/2023, 08:46

231224-kprg8adhc4 5

Analysis

max time kernel
118s
max time network
152s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
25/12/2023, 05:23

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

test.txt

Resource

macos-20231201-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

test.txt
Size

4B
MD5

098f6bcd4621d373cade4e832627b4f6
SHA1

a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256

9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512

ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/test.txt\""
1⤵
PID:508

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/test.txt\""
1⤵
PID:508

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/test.txt\""
1⤵
PID:508

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/test.txt
1⤵
PID:508

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/test.txt
1⤵
PID:508
- /bin/zsh
  /bin/zsh -c /Users/run/test.txt
  2⤵
  PID:510
- /bin/zsh
  /bin/zsh -c /Users/run/test.txt
  2⤵
  PID:510
- /Users/run/test.txt
  /Users/run/test.txt
  2⤵
  PID:510
- /Users/run/test.txt
  /Users/run/test.txt
  2⤵
  PID:510
- /bin/sh
  sh /Users/run/test.txt
  2⤵
  PID:510
- /bin/sh
  sh /Users/run/test.txt
  2⤵
  PID:510
- /bin/bash
  sh /Users/run/test.txt
  2⤵
  PID:510
- /bin/bash
  sh /Users/run/test.txt
  2⤵
  PID:510

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:511

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:515

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:515

/usr/local/bin/lscpu
lscpu
1⤵
PID:517

/usr/local/bin/lscpu
lscpu
1⤵
PID:517

/usr/bin/lscpu
lscpu
1⤵
PID:517

/usr/bin/lscpu
lscpu
1⤵
PID:517

/bin/lscpu
lscpu
1⤵
PID:517

/bin/lscpu
lscpu
1⤵
PID:517

/usr/sbin/lscpu
lscpu
1⤵
PID:517

/usr/sbin/lscpu
lscpu
1⤵
PID:517

/sbin/lscpu
lscpu
1⤵
PID:517

/sbin/lscpu
lscpu
1⤵
PID:517

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:537

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:537

/usr/local/bin/syhsctl
syhsctl
1⤵
PID:550

/usr/local/bin/syhsctl
syhsctl
1⤵
PID:550

/usr/bin/syhsctl
syhsctl
1⤵
PID:550

/usr/bin/syhsctl
syhsctl
1⤵
PID:550

/bin/syhsctl
syhsctl
1⤵
PID:550

/bin/syhsctl
syhsctl
1⤵
PID:550

/usr/sbin/syhsctl
syhsctl
1⤵
PID:550

/usr/sbin/syhsctl
syhsctl
1⤵
PID:550

/sbin/syhsctl
syhsctl
1⤵
PID:550

/sbin/syhsctl
syhsctl
1⤵
PID:550

/usr/sbin/sysctl
sysctl
1⤵
PID:551

/usr/sbin/sysctl
sysctl
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:552

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:552

/usr/sbin/sysctl
sysctl -n machdep.cpu.brand_string
1⤵
PID:553

/usr/sbin/sysctl
sysctl -n machdep.cpu.brand_string
1⤵
PID:553

/usr/sbin/system_profiler
system_profiler
1⤵
PID:557

/usr/sbin/system_profiler
system_profiler
1⤵
PID:557

/usr/bin/grep
grep Processor
1⤵
PID:558

/usr/bin/grep
grep Processor
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.SecureElementHelper 561
1⤵
PID:562

/System/Library/SystemProfiler/SPSecureElementReporter.spreporter/Contents/XPCServices/SecureElementHelper.xpc/Contents/MacOS/SecureElementHelper
/System/Library/SystemProfiler/SPSecureElementReporter.spreporter/Contents/XPCServices/SecureElementHelper.xpc/Contents/MacOS/SecureElementHelper
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:563

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:567

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.iBridgeDiscovery 572
1⤵
PID:573

/System/Library/SystemProfiler/SPiBridgeReporter.spreporter/Contents/XPCServices/iBridgeDiscovery.xpc/Contents/MacOS/iBridgeDiscovery
/System/Library/SystemProfiler/SPiBridgeReporter.spreporter/Contents/XPCServices/iBridgeDiscovery.xpc/Contents/MacOS/iBridgeDiscovery
1⤵
PID:573

/usr/sbin/system_profiler
system_profiler
1⤵
PID:580

/usr/sbin/system_profiler
system_profiler
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.SecureElementHelper 583
1⤵
PID:584

/System/Library/SystemProfiler/SPSecureElementReporter.spreporter/Contents/XPCServices/SecureElementHelper.xpc/Contents/MacOS/SecureElementHelper
/System/Library/SystemProfiler/SPSecureElementReporter.spreporter/Contents/XPCServices/SecureElementHelper.xpc/Contents/MacOS/SecureElementHelper
1⤵
PID:584

/usr/libexec/xpcproxy
xpcproxy com.apple.iBridgeDiscovery 591
1⤵
PID:592

/System/Library/SystemProfiler/SPiBridgeReporter.spreporter/Contents/XPCServices/iBridgeDiscovery.xpc/Contents/MacOS/iBridgeDiscovery
/System/Library/SystemProfiler/SPiBridgeReporter.spreporter/Contents/XPCServices/iBridgeDiscovery.xpc/Contents/MacOS/iBridgeDiscovery
1⤵
PID:592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/.dat.nosync0228.P8WOdx

Filesize
12KB

MD5
11df701b2662ba4cf89aa07be0273170

SHA1
aa9bc8e021a09958d095042301da5ba1660936b8

SHA256
a9baa734477e8d089f593760157ec571a869190a8b96d877f9ba7964b008b7c4

SHA512
0ab18a6710d8698ff1f31db16d54821c12d0d1174f477369f9c902a00fbf099df93816e3bea12b7713a6d00d3eb89b2a361266c4bd9db8624980e7a0a48501a4

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit

© 2018-2025

Terms | Privacy