Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

3a6e2de5b3...46.exe

macos-10.15-amd64

4

Resubmissions

29/04/2024, 10:45

240429-mtg6fsha6w 7

29/04/2024, 10:42

240429-mr7nbsha31 7

27/04/2024, 05:44

240427-gfdyzscd52 7

27/04/2024, 05:43

240427-gepzvscd38 7

27/04/2024, 05:42

240427-gd8qkscd33 7

27/04/2024, 05:41

240427-gdf1kacc99 10

Analysis

  • max time kernel
    36s
  • max time network
    33s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240410-en
  • resource tags

    arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    27/04/2024, 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe

  • Size

    1.4MB

  • MD5

    5673c04d81969a6603184069b6846213

  • SHA1

    49fdd9c69f1c281d94486029dfaa5108dfc168bf

  • SHA256

    3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446

  • SHA512

    c381630f7c9c72ca538679bef37b9e966ec2f906bd5eb36a42069e3742ddd57bd958d867ede257edc3244e40fa3a6c65c10cddd07dddfd89cc2085eef13291cb

  • SSDEEP

    24576:rq5TfcdHj4fmb9Ve9u2qTPIMeYyBMLlQjzCEzKJ9TtLzCwn1jAh0zQJ9TtDRli:rUTsamC9uxKjY5x1jAF5i

Score
4/10
evasion

Malware Config

Signatures

  • Resource Forking 1 TTPs 5 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

    evasion

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe\""
    1⤵
      PID:487
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe\""
      1⤵
        PID:487
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe
        1⤵
          PID:487
          • /bin/zsh
            /bin/zsh -c /Users/run/3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe
            2⤵
              PID:488
            • /Users/run/3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe
              /Users/run/3a6e2de5b3de6e67229b11f6d74a4f9af70ccec85c2573a905df5a1f84a35446.exe
              2⤵
                PID:488
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.systempreferences.2140
              1⤵
                PID:520
              • /System/Applications/System Preferences.app/Contents/MacOS/System Preferences
                "/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
                1⤵
                  PID:520
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.AccountProfileRemoteViewService 520
                  1⤵
                    PID:521
                  • /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
                    /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
                    1⤵
                      PID:521
                    • /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
                      /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
                      1⤵
                        PID:524
                      • /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
                        /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
                        1⤵
                          PID:525
                        • /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
                          /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
                          1⤵
                            PID:526
                          • /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
                            /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
                            1⤵
                              PID:527
                            • /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
                              /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
                              1⤵
                                PID:528
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.nfcd
                                1⤵
                                  PID:530
                                • /usr/libexec/nfcd
                                  /usr/libexec/nfcd
                                  1⤵
                                    PID:530
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.studentd
                                    1⤵
                                      PID:531
                                    • /usr/libexec/studentd
                                      /usr/libexec/studentd
                                      1⤵
                                        PID:531
                                      • /usr/libexec/xpcproxy
                                        xpcproxy com.apple.PerformanceAnalysis.animationperfd
                                        1⤵
                                          PID:533
                                        • /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
                                          /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
                                          1⤵
                                            PID:533

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads