Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

e20f90bf8d...9a2484

macos-10.15-amd64

1

Analysis

  • max time kernel
    141s
  • max time network
    141s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240214-en
  • resource tags

    arch:amd64arch:i386image:macos-20240214-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    13/03/2024, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484

  • Size

    595KB

  • MD5

    a95a8a225acaddfee90bc37e15e2cea9

  • SHA1

    c8960db983e12cd45e3b8fe8861cc2852a6af90e

  • SHA256

    e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484

  • SHA512

    6abeab4db60dbf219cf3426e49830b182d20d0e514d0f4cff80cda39fe60fec4fda85b61495c9c23d564fd35fa8fe485d7f9cccee4c8dcb5c97503113d07f877

  • SSDEEP

    12288:tqhi8lEgQPO763UEUEby0hL0XGNngKL0TINl/HskzK:Y/dQPcEU+ypcDLuil/MkzK

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484\""
    1⤵
      PID:534
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484\""
      1⤵
        PID:534
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484
        1⤵
          PID:534
          • /bin/zsh
            /bin/zsh -c /Users/run/e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484
            2⤵
              PID:535
            • /Users/run/e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484
              /Users/run/e20f90bf8d1843af1c6e73e7565dbf144395122e7026822502dc5a90ed9a2484
              2⤵
                PID:535
            • /usr/libexec/dmd
              /usr/libexec/dmd
              1⤵
                PID:520
              • /usr/libexec/xpcproxy
                xpcproxy com.apple.sysmond
                1⤵
                  PID:540
                • /usr/libexec/sysmond
                  /usr/libexec/sysmond
                  1⤵
                    PID:540
                  • /usr/libexec/xpcproxy
                    xpcproxy com.apple.geod
                    1⤵
                      PID:565
                    • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                      /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                      1⤵
                        PID:565
                      • /usr/libexec/xpcproxy
                        xpcproxy com.apple.AddressBook.ContactsAccountsService
                        1⤵
                          PID:566
                        • /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                          /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                          1⤵
                            PID:566
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.routined
                            1⤵
                              PID:567
                            • /usr/libexec/routined
                              /usr/libexec/routined LAUNCHED_BY_LAUNCHD
                              1⤵
                                PID:567
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.Maps.mapspushd
                                1⤵
                                  PID:568
                                • /System/Library/CoreServices/mapspushd
                                  /System/Library/CoreServices/mapspushd
                                  1⤵
                                    PID:568
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.nehelper
                                    1⤵
                                      PID:572
                                    • /usr/libexec/nehelper
                                      /usr/libexec/nehelper
                                      1⤵
                                        PID:572
                                      • /usr/libexec/xpcproxy
                                        xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
                                        1⤵
                                          PID:573
                                        • /usr/libexec/neagent
                                          /usr/libexec/neagent
                                          1⤵
                                            PID:573
                                          • /usr/libexec/xpcproxy
                                            xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                                            1⤵
                                              PID:581
                                            • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                              /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                              1⤵
                                                PID:581

                                              Network

                                              MITRE ATT&CK Matrix

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • /Library/Preferences/com.apple.networkextension.uuidcache.plist
                                                Filesize

                                                288B

                                                MD5

                                                55d707d8a498ca399dd49c710374392d

                                                SHA1

                                                94956fb7af8ebb24faa018be5739179ae2e21dbb

                                                SHA256

                                                0de9ce482bde894cb5d5042cfeaf0d54cb0f56ad4852caa4d06ad54a53a7b49f

                                                SHA512

                                                e6183083a8f1f1ea5e67806ecbcab5adefc331aca2622e3b846cee48b803a91076dfd9a905573ee71c900bc5563b4e6e7f3ab994de7e29552a01647cd29ad20e

                                                Download Submit

                                              • /Library/Preferences/com.apple.networkextension.uuidcache.plist
                                                Filesize

                                                355B

                                                MD5

                                                a6ef4856e99c9d8e1d9bb762c5a8503a

                                                SHA1

                                                25d5405ad91791b716ae5a56b37aa2b393854967

                                                SHA256

                                                232441aa129d4f21999860b8bf31db4b8617df9f7d32ef5f25a383edff82d9fa

                                                SHA512

                                                582fa1ea60766a5a4e99b295a8ed98c94f6bab45e42b7e8db61e9ad645f531891082cd457bfd11d660195af86f02c4ed93589e6e6daded683cff2d8319bbc489

                                                Download Submit

                                              • /Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
                                                Filesize

                                                124KB

                                                MD5

                                                332e6ac2e5ad3ec54ebad989dd02d0d9

                                                SHA1

                                                39106b7a55046cb4cccb056f8200e887a9d05a4f

                                                SHA256

                                                25e18da457976303c7d771c677cf4eb766914bd685c7cba60077ce96d22b2620

                                                SHA512

                                                bfe6e66335eefba0ab7c8fd3b04ec0c125373a10d9216d43234d1779f3915bc0c272091d1c6bed1b39963c05074a702cab83e8664686965a0c9f96b5fa711b1c

                                                Download Submit

                                              • /Users/run/Library/Caches/GeoServices/Resources/altitude-1214.xml
                                                Filesize

                                                158KB

                                                MD5

                                                3beb34e02eb9bd01714f9926b3ebfc96

                                                SHA1

                                                d558e451b1b1ea9f8a7a29449fe1d2985abbd96c

                                                SHA256

                                                032673ebc61db6f46d76d507b19b1b0136a3f7e766a311f38921d2ee7fe450be

                                                SHA512

                                                f882c6dc232cc24367e6a83117a8f358860fe8cc9b5d67fa2255645a43658e1cf72af44fa3708ec03c24a788c78abea2a268214adcfcb52aa7dce207102627ff

                                                Download Submit