Analysis

  • max time kernel
    964s
  • max time network
    1560s
  • platform
    macos-10.15_amd64
  • resource
    macos-20231201-en
  • resource tags
    arch:amd64, arch:i386, image:macos-20231201-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    05/01/2024, 16:06

General

  • Target

    WinToUSB_Free.exe

  • Size

    23.6MB

  • MD5

    6b9c0c53b7f592b82ee472d03c11f8fb

  • SHA1

    1340c37e79a72793f71113d24d7c9831aa944ae6

  • SHA256

    40fcfc392ac498c258ce1c7d9aa5f9d44729ca4928010100c37e2ea02f266f4f

  • SHA512

    5d29098af55c657668441b2a6116f39ba618ee63cc99e53a55d129578b985a3b0bafa16e1e6e1f5f05c96fd2c74a8680a85260b469e16ff2e6e4e42206d17ec8

  • SSDEEP

    393216:2MjjFmswTS+Oq8/Pc67fco3t2ZSvS7BE3PwXzNyG//bKwWzTM1kbNtRts:2MHMsG6R3UoUMcB9j4GHuwkpZs

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:518
  • /usr/bin/syslog
    /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
    1⤵
      PID:519
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/WinToUSB_Free.exe\""
    1⤵
      PID:520
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/WinToUSB_Free.exe\""
    1⤵
      PID:520
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/WinToUSB_Free.exe\""
    1⤵
      PID:520
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/WinToUSB_Free.exe
    1⤵
      PID:520
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/WinToUSB_Free.exe
    1⤵
      PID:520
    • /bin/zsh
      /bin/zsh -c /Users/run/WinToUSB_Free.exe
      2⤵
        PID:521
    • /bin/zsh
      /bin/zsh -c /Users/run/WinToUSB_Free.exe
      2⤵
        PID:521
    • /Users/run/WinToUSB_Free.exe
      /Users/run/WinToUSB_Free.exe
      2⤵
        PID:521
    • /Users/run/WinToUSB_Free.exe
      /Users/run/WinToUSB_Free.exe
      2⤵
        PID:521
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.systemsoundserverd
    1⤵
      PID:543
  • /usr/sbin/systemsoundserverd
    /usr/sbin/systemsoundserverd
    1⤵
      PID:543
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.pbs
    1⤵
      PID:544
  • /System/Library/CoreServices/pbs
    /System/Library/CoreServices/pbs
    1⤵
      PID:544
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.AudioComponentRegistrar
    1⤵
      PID:545
  • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
    1⤵
      PID:545
  • /usr/sbin/spctl
    /usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
    1⤵
      PID:559
  • /bin/launchctl
    /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
    1⤵
      PID:570
  • /bin/launchctl
    /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
    1⤵
      PID:571
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
    1⤵
      PID:575
  • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
    1⤵
      PID:575
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.CoreAuthentication.agent
    1⤵
      PID:577
  • /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
    /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
    1⤵
      PID:577
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.spindump
    1⤵
      PID:578
  • /usr/sbin/spindump
    /usr/sbin/spindump
    1⤵
      PID:578
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.diagnosticd
    1⤵
      PID:579
  • /usr/libexec/diagnosticd
    /usr/libexec/diagnosticd
    1⤵
      PID:579

Network

MITRE ATT&CK Matrix

Downloads

  • /Users/run/Library/Caches/.dat.nosync0220.x33xqU

    Filesize
    12KB

    MD5
    f749dc662c57773c838b1620e7e0a036

    SHA1
    a1c2db1a78e2699424f2bb2fe24a3c7aee014561

    SHA256
    7fa071a2856500a39cd681990f080b832dade3b84530db9c759459f00d8a3874

    SHA512
    0eb38eb8a99196c3c1418baeb0cfd3be4b633688a611545124127fb04e8ffaa09efb34500c3564c24729f0c160745ec0e4c7b48b61208a1dd2fa45c51792f0ca