Overview

overview

7

Static

static

1

winzip28-downwz.exe

windows10-1703-x64

7

winzip28-downwz.exe

windows7-x64

7

winzip28-downwz.exe

windows10-1703-x64

7

winzip28-downwz.exe

windows10-2004-x64

7

winzip28-downwz.exe

windows11-21h2-x64

7

winzip28-downwz.exe

macos-10.15-amd64

1

Analysis

  • max time kernel
    128s
  • max time network
    133s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240611-en
  • resource tags

    arch:amd64arch:i386image:macos-20240611-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    15/06/2024, 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winzip28-downwz.exe

  • Size

    2.8MB

  • MD5

    17687f01ca5191c5e9dd733b30248ea2

  • SHA1

    9b63db46a9d58b945dd9b850236ed8d4d7d3567a

  • SHA256

    37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428

  • SHA512

    d366482d520fb250de54441daa9744129e692c24faeec2e7dce071370cfeeb00b50ef10fe47a3d788d3c4a17719d6133420ab99c6384798ea2017dca6260eb3c

  • SSDEEP

    49152:W9vgPi4Lp+1+zV9c9S7J5/iR7B/3blLYSNVMaxY3Y9fkHu+bHqjD:IbCpEYV9uSF5/mt/Ll5xY3gkHu+bHaD

Score
1/10

Malware Config

Signatures

Processes

  • /usr/libexec/xpcproxy
    xpcproxy com.apple.systemstats.daily
    1⤵
      PID:527
    • /bin/sh
      sh -c "sudo /bin/zsh -c \"/Users/run/winzip28-downwz.exe\""
      1⤵
        PID:528
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"/Users/run/winzip28-downwz.exe\""
        1⤵
          PID:528
        • /usr/bin/sudo
          sudo /bin/zsh -c /Users/run/winzip28-downwz.exe
          1⤵
            PID:528
            • /bin/zsh
              /bin/zsh -c /Users/run/winzip28-downwz.exe
              2⤵
                PID:529
              • /Users/run/winzip28-downwz.exe
                /Users/run/winzip28-downwz.exe
                2⤵
                  PID:529
              • /usr/bin/pluginkit
                /usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
                1⤵
                  PID:563
                • /usr/sbin/spctl
                  /usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterBCBF2C69/OneDrive.app
                  1⤵
                    PID:564
                  • /usr/sbin/spctl
                    /usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
                    1⤵
                      PID:574
                    • /bin/launchctl
                      /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
                      1⤵
                        PID:588
                      • /bin/launchctl
                        /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                        1⤵
                          PID:589

                        Network

                        MITRE ATT&CK Matrix

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads