Analysis

  • max time kernel
    51s
  • max time network
    55s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20240711.1-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    20/10/2024, 21:20

General

  • Target

    die.jar

  • Size

    639KB

  • MD5

    26e71a3e23bce02f7470093bec796f3a

  • SHA1

    8e24cdcacd8c11c0348a21b86ae3c9016db510b9

  • SHA256

    cb380a068d65d2d225bba4863e6d0ec354cfe51c2238abf4c8da7ff0745ec602

  • SHA512

    8c9d70a2df574801708c5081637f7e11491a5ef20da576edff53ab4fb8f59057833a5fcfae62c60d7ec87eade1d8f56b0130a134ed4c927b09ecdea55178321b

  • SSDEEP

    12288:WHjdQx/PPhkbR4ddIt43gS/vRD+BTQNqbqg292RBz3Wu02NESPrDAv:WHZQhhkd4b73gSx+2qbLwqWupNXPrDAv

Score
4/10

Malware Config

Signatures

  • JavaScript 1 TTPs 1 IoCs

    Adversaries may abuse various implementations of JavaScript for execution.

  • Resource Forking 1 TTPs 2 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    /System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
    1⤵
      PID:468
    • /bin/sh
      sh -c "sudo /bin/zsh -c \"open /Users/run/die.jar\""
      1⤵
        PID:483
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"open /Users/run/die.jar\""
        1⤵
          PID:483
        • /System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
          "/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
          1⤵
            PID:480
          • /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
            /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
            1⤵
              PID:474
            • /usr/libexec/pkreporter
              /usr/libexec/pkreporter
              1⤵
                PID:471
              • /usr/bin/sudo
                sudo /bin/zsh -c "open /Users/run/die.jar"
                1⤵
                  PID:483
                  • /bin/zsh
                    /bin/zsh -c "open /Users/run/die.jar"
                    2⤵
                      PID:485
                    • /usr/bin/open
                      open /Users/run/die.jar
                      2⤵
                        PID:485
                    • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
                      "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
                      1⤵
                        PID:476
                      • /usr/libexec/xpcproxy
                        xpcproxy com.apple.JarLauncher.1532
                        1⤵
                          PID:486
                        • /System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher
                          "/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher"
                          1⤵
                            PID:486
                            • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
                              "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/die.jar
                              2⤵
                                PID:491
                            • /usr/libexec/xpcproxy
                              xpcproxy com.apple.metadata.mdwrite
                              1⤵
                                PID:488
                              • /bin/launchctl
                                /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
                                1⤵
                                  PID:525
                                • /bin/launchctl
                                  /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                                  1⤵
                                    PID:526
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                                    1⤵
                                      PID:530
                                    • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                      /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                      1⤵
                                        PID:530

Network

MITRE ATT&CK Enterprise v15
