54b40015f685bceaffb29dfb8d0b13fe941ebe3428ccf0a8afe9539875d01179 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Rz_launcher_setup.exe

macos-10.15-amd64

Resubmissions

26/04/2024, 18:41

240426-xbsvcahg48 3

26/04/2024, 18:39

240426-xaprasaf5x 3

26/04/2024, 18:16

240426-wwww3ahc88 7

Analysis

max time kernel
29s
max time network
31s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
26/04/2024, 18:39

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Rz_launcher_setup.exe

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Errors

Reason

Machine shutdown

Report Analysis Logs

General

Target

Rz_launcher_setup.exe
Size

103KB
MD5

c3083e7101f215f163d791d4319a4c36
SHA1

24f046315e17986009b2c358600c375be29f1505
SHA256

54b40015f685bceaffb29dfb8d0b13fe941ebe3428ccf0a8afe9539875d01179
SHA512

8f5b703b9218585c04e49f0d9e41e10b44175ef14576d2d14c0b100c2fe5c77f3e0ffa7844119b0915992c405dd9d1fcd45954ea0e0196e2e06fa6664c76ef56
SSDEEP

1536:VaORz6O1TgJVeMN87YPZNvMM9ri1WhAVWlGr5jzh:suzvchaYxNv9YR7zh

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Rz_launcher_setup.exe\""
1⤵
PID:487

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Rz_launcher_setup.exe\""
1⤵
PID:487

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Rz_launcher_setup.exe
1⤵
PID:487
- /bin/zsh
  /bin/zsh -c /Users/run/Rz_launcher_setup.exe
  2⤵
  PID:488
- /Users/run/Rz_launcher_setup.exe
  /Users/run/Rz_launcher_setup.exe
  2⤵
  PID:488

/usr/libexec/xpcproxy
xpcproxy com.apple.PackageKit.InstallStatus
1⤵
PID:520

/usr/libexec/xpcproxy
xpcproxy com.apple.warmd_agent
1⤵
PID:521

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"
1⤵
PID:520

/usr/libexec/warmd_agent
/usr/libexec/warmd_agent
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.ViewBridgeAuxiliary
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.rtcreportingd
1⤵
PID:523

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
1⤵
PID:522

/usr/libexec/rtcreportingd
/usr/libexec/rtcreportingd
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.sessionlogoutd
1⤵
PID:524

/System/Library/CoreServices/sessionlogoutd
/System/Library/CoreServices/sessionlogoutd
1⤵
PID:524

/sbin/shutdown
/sbin/shutdown -r now
1⤵
PID:1.04228753e+09

/bin/sh
sh -c "/usr/bin/wall -n"
1⤵
PID:527

/bin/bash
sh -c "/usr/bin/wall -n"
1⤵
PID:527

/usr/bin/wall
/usr/bin/wall -n
1⤵
PID:527

/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose
iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin
1⤵
PID:0
- /usr/sbin/spindump
  spindump -shutdownstall 2 -timelimit 5
  2⤵
  PID:529
- /bin/sh
  sh -c /usr/sbin/kextstat
  2⤵
  PID:530
- /bin/bash
  sh -c /usr/sbin/kextstat
  2⤵
  PID:530
- /usr/sbin/kextstat
  /usr/sbin/kextstat
  2⤵
  PID:530
- /bin/bash
  bash /private/var/install/shutdown_installer_tasks
  2⤵
  PID:531
- /bin/bash
  bash /private/var/install/deferred_install
  2⤵
  PID:532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
132KB

MD5
9c53b0014c8c8c086f02055546fb63f9

SHA1
8628d67dfd68a4006d27ea2909c8e16d41c04042

SHA256
9b4522a19934bc84eaeb80b5057c4edb2ca043dbb01c18b399842c10d8dd7371

SHA512
db6f76737aae35b4571bd99b53f1088ee85d2645d2342f05039a0a5b5bdfde5a16fb4ff800d85260993373585a67e450fdb5d76c48c361f99e44440ff1929a90

Download Submit

© 2018-2025

Terms | Privacy