Overview

overview

4

Static

static

3

windhawk_setup.exe

macos-10.15-amd64

4

Compiler/i...ing.js

macos-10.15-amd64

1

Compiler/i...iew.js

macos-10.15-amd64

1

Compiler/i...ion.js

macos-10.15-amd64

1

Compiler/i...ons.js

macos-10.15-amd64

1

Compiler/i...ice.js

macos-10.15-amd64

1

Compiler/i...der.js

macos-10.15-amd64

1

Compiler/i...der.js

macos-10.15-amd64

1

Compiler/i...und.js

macos-10.15-amd64

1

Compiler/i...der.js

macos-10.15-amd64

1

Compiler/i...ing.js

macos-10.15-amd64

1

Compiler/i...der.js

macos-10.15-amd64

1

Compiler/i...der.js

macos-10.15-amd64

1

Compiler/i...ent.js

macos-10.15-amd64

1

Compiler/i...ore.js

macos-10.15-amd64

1

Compiler/i...ore.js

macos-10.15-amd64

1

Compiler/i...get.js

macos-10.15-amd64

1

Compiler/i...und.js

macos-10.15-amd64

1

Compiler/i...ion.js

macos-10.15-amd64

1

Compiler/i...hic.js

macos-10.15-amd64

1

Compiler/i...een.js

macos-10.15-amd64

1

Compiler/i...der.js

macos-10.15-amd64

1

Compiler/i...nts.js

macos-10.15-amd64

1

Compiler/i...hic.js

macos-10.15-amd64

1

Compiler/i...ace.js

macos-10.15-amd64

1

Compiler/i...tes.js

macos-10.15-amd64

1

Compiler/i...ore.js

macos-10.15-amd64

1

Compiler/i...ent.js

macos-10.15-amd64

1

Compiler/i...ces.js

macos-10.15-amd64

1

Compiler/i...ore.js

macos-10.15-amd64

1

Compiler/i...ure.js

macos-10.15-amd64

1

Compiler/i...D11.js

macos-10.15-amd64

1

Resubmissions

05/10/2024, 17:22

241005-vx29ssseke 7

05/10/2024, 17:21

241005-vw7g5axfkn 4

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    05/10/2024, 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js

  • Size

    23KB

  • MD5

    b676725ccb18f78baaa43e6e3e5982c9

  • SHA1

    d6912164a8fbbd12add5873b717f0a5980269bc8

  • SHA256

    87614fe95d5c3cc2b9e74bc562a3bbf8967c34709d8d6bbe48a70dbb511ca15e

  • SHA512

    d474e8d64d66f7205bfdf4521d1e9bf44f1bceae385f1e9a8708b270f7edfb27175fe8b0ef773273247b0dccb31812534c70dac540e8d814dd43521af046afa1

  • SSDEEP

    192:Mcm8V0SwgXZOf666R+66RPomsMsR46MurhuuL1qX13r5WcCQuuaXa3avaGafa9aA:78CVR8RP6xRF9ukQlbZCVv

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js\""
    1⤵
      PID:513
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js\""
      1⤵
        PID:513
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js
        1⤵
          PID:513
          • /bin/zsh
            /bin/zsh -c /Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js
            2⤵
              PID:514
            • /Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js
              /Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js
              2⤵
                PID:514
              • /bin/sh
                sh /Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js
                2⤵
                  PID:514
                • /bin/bash
                  sh /Users/run/Compiler/include/winrt/Windows.ApplicationModel.Search.Core.js
                  2⤵
                    PID:514
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.sysmond
                  1⤵
                    PID:515
                  • /usr/libexec/sysmond
                    /usr/libexec/sysmond
                    1⤵
                      PID:515
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.audio.AudioComponentRegistrar
                      1⤵
                        PID:516
                      • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
                        /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
                        1⤵
                          PID:516
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                          1⤵
                            PID:546
                          • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                            /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                            1⤵
                              PID:546
                            • /bin/launchctl
                              /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
                              1⤵
                                PID:550
                              • /bin/launchctl
                                /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                                1⤵
                                  PID:551

                                Network

                                MITRE ATT&CK Matrix

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads