35aafa54f74d51268c1c99389dbafb2ff5835a30e5dec0bb6e8c239608e4c194 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

Executor.zip

macos-10.15-amd64

4

Bypasser C...ty.exe

macos-10.15-amd64

1

Bypasser C...config

macos-10.15-amd64

1

Bypasser C...ty.pdb

macos-10.15-amd64

1

Bypasser.dll

macos-10.15-amd64

1

BypasserAPI.dll

macos-10.15-amd64

1

FastColore...ox.dll

macos-10.15-amd64

1

FastColore...ox.pdb

macos-10.15-amd64

1

ForlornApi.dll

macos-10.15-amd64

1

forloninje...ct.dll

macos-10.15-amd64

1

forloninje...64.dll

macos-10.15-amd64

1

forloninje...64.dll

macos-10.15-amd64

1

forloninje...sh.dll

macos-10.15-amd64

1

forloninject/zstd.dll

macos-10.15-amd64

1

workspace/IY_FE.iy

macos-10.15-amd64

1

workspace/...50.txt

macos-10.15-amd64

1

workspace/...00.txt

macos-10.15-amd64

1

Analysis

max time kernel
538s
max time network
1810s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
12/10/2024, 13:49

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Executor.zip

Resource

macos-20240711.1-en

macos-10.15-amd64

1 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Bypasser Community.exe

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral3

Sample

Bypasser Community.exe.config

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral4

Sample

Bypasser Community.pdb

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral5

Sample

Bypasser.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

BypasserAPI.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral7

Sample

FastColoredTextBox.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral8

Sample

FastColoredTextBox.pdb

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

ForlornApi.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

forloninject/ForlornInject.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral11

Sample

forloninject/libcrypto-3-x64.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral12

Sample

forloninject/libssl-3-x64.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

forloninject/xxhash.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral14

Sample

forloninject/zstd.dll

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral15

Sample

workspace/IY_FE.iy

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral16

Sample

workspace/OrionTest/111958650.txt

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Behavioral task

behavioral17

Sample

workspace/OrionTest/6578392500.txt

Resource

macos-20240711.1-en

macos-10.15-amd64

0 signatures

1800 seconds

Report Analysis Logs

General

Target

forloninject/xxhash.dll
Size

46KB
MD5

70c514826d9428f184d27f0c8f397404
SHA1

e6b0b1a396de9913004d9bcaa230972686416bb6
SHA256

aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64
SHA512

168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6
SSDEEP

768:tziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3Q18swN1WQ8hi6U:tziR74kgDn2rDRuIrN5mAvgbTg18DN1z

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/forloninject/xxhash.dll\""
1⤵
PID:490

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/forloninject/xxhash.dll\""
1⤵
PID:490

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/forloninject/xxhash.dll
1⤵
PID:490
- /bin/zsh
  /bin/zsh -c /Users/run/forloninject/xxhash.dll
  2⤵
  PID:492
- /Users/run/forloninject/xxhash.dll
  /Users/run/forloninject/xxhash.dll
  2⤵
  PID:492

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:514

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:536

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:537

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:538

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:538

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy