Overview

overview

10

Static

static

10

Exm Paid Tweaks.exe

macos-10.15-amd64

4

Exm Paid Tweaks.exe

macos-10.15-amd64

1

Analysis

  • max time kernel
    94s
  • max time network
    151s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    27/09/2024, 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Exm Paid Tweaks.exe

  • Size

    7.4MB

  • MD5

    fb85c9ed03b0ba5a1cb056918422b013

  • SHA1

    68e862e622451164142f5143965109097daf3353

  • SHA256

    335e38a7985a1357ffe96c98258a8a8a4e10897a3a5bd97c06de9a8f5bc98c7b

  • SHA512

    832978b77aae80cf12d6feea3bb54c7c5766985e0279c78d4164b2499e8b9c1269f6ce709e4b899fe4687240f47f3673803f29804063c6a7c5ae96468c2178f0

  • SSDEEP

    196608:jY8PgLjv+bhqNVoB0SEsucQZ41JBbIR11tY:c8PwL+9qz80SJHQK1JI1vY

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Exm Paid Tweaks.exe\""
    1⤵
      PID:486
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Exm Paid Tweaks.exe\""
      1⤵
        PID:486
      • /usr/bin/sudo
        sudo /bin/zsh -c "/Users/run/Exm Paid Tweaks.exe"
        1⤵
          PID:486
          • /bin/zsh
            /bin/zsh -c "/Users/run/Exm Paid Tweaks.exe"
            2⤵
              PID:488
            • /Users/run/Exm
              /Users/run/Exm Paid Tweaks.exe
              2⤵
                PID:488
            • /bin/launchctl
              /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
              1⤵
                PID:523
              • /bin/launchctl
                /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                1⤵
                  PID:524
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                  1⤵
                    PID:525
                  • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                    /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                    1⤵
                      PID:525

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads