Resubmissions
28-01-2025 17:22
250128-vxk1hsyncn 1028-01-2025 15:15
250128-smwm6avrhl 1028-01-2025 15:11
250128-skte1svrbq 1024-01-2025 15:15
250124-sm7enawmbk 1024-01-2025 15:11
250124-skmx8strcz 1024-01-2025 15:06
250124-sgxm9swkal 1022-01-2025 18:49
250122-xgtzla1kgp 1022-01-2025 17:15
250122-vszccawpgx 1022-01-2025 15:42
250122-s5bqpstjhx 1022-01-2025 13:07
250122-qcr6waylfr 10Analysis
-
max time kernel
36s -
max time network
33s -
platform
macos-10.15_amd64 -
resource
macos-20241101-en -
resource tags
-
submitted
22-01-2025 12:48
Errors
General
-
Target
WannaCry.exe
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
Malware Config
Signatures
-
Resource Forking 1 TTPs 2 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/WannaCry.exe\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/WannaCry.exe\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/WannaCry.exe1⤵
-
/bin/zsh/bin/zsh -c /Users/run/WannaCry.exe2⤵
-
-
/Users/run/WannaCry.exe/Users/run/WannaCry.exe2⤵
-
-
/usr/libexec/pkreporter/usr/libexec/pkreporter1⤵
-
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer1⤵
-
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd1⤵
-
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"1⤵
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.PackageKit.InstallStatus1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.warmd_agent1⤵
-
/usr/libexec/warmd_agent/usr/libexec/warmd_agent1⤵
-
/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.rtcreportingd1⤵
-
/usr/libexec/rtcreportingd/usr/libexec/rtcreportingd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.coremedia.videodecoder 1251⤵
-
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sessionlogoutd1⤵
-
/System/Library/CoreServices/sessionlogoutd/System/Library/CoreServices/sessionlogoutd1⤵
-
/sbin/shutdown/sbin/shutdown -h now1⤵
-
/bin/shsh -c "/usr/bin/wall -n"1⤵
-
/bin/bashsh -c "/usr/bin/wall -n"1⤵
-
/usr/bin/wall/usr/bin/wall -n1⤵
-
/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnoseiogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin1⤵
-
/usr/sbin/spindumpspindump -shutdownstall 2 -timelimit 52⤵
-
-
/bin/shsh -c /usr/sbin/kextstat2⤵
-
-
/bin/bashsh -c /usr/sbin/kextstat2⤵
-
-
/usr/sbin/kextstat/usr/sbin/kextstat2⤵
-
-
/bin/bashbash /private/var/install/shutdown_installer_tasks2⤵
-
-
/bin/bashbash /private/var/install/deferred_install2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5aef0f18a05ce636aff2677e9e89b6f5b
SHA1a063fde1b2cc07f25db1b29965d45a9c037b462b
SHA2562cdd0fbb07a5546925f8ea705ab97364c6044eafe2c0f398f4110806cd73720a
SHA512ed57acb545c3e71992ac9fcc48298246204445c7ef4fd245a8695325fe31f643f098e131fe4a1e3b359f419458715b37098a0a5133291dcca4b4a4fc5a2cfb5a