macOS
Analysis Report
pwm_3.3.1.1_x86-64.dmg
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 752916 |
Start date and time: | 2022-11-24 01:26:02 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | pwm_3.3.1.1_x86-64.dmg |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
Analysis Mode: | default |
Detection: | CLEAN |
Classification: | clean3.macDMG@0/24@2/0 |
- Excluded domains from analysis (whitelisted): local
Command: | open "/Volumes/PWMinder_3.3.1.1/PWMinder.app" |
PID: | 900 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
- System is macvm-highsierra
- mono-sgen32 New Fork (PID: 900, Parent: 812)
- xpcproxy New Fork (PID: 901, Parent: 1)
- cleanup
There are no malicious signatures.
Signatures triggered (the source process and detail columns were not preserved; counts give the number of entries per signature):
- DNS traffic detected (1)
- Writes from socket in process (1)
- TCP traffic detected without corresponding DNS query (4)
- UDP traffic detected without corresponding DNS query (2)
- HTTP traffic detected (1)
- Reads from socket in process (1)
- Classification label (1)
- Binary or memory string (1)
- Hidden Directory created (1)
- Launchservices plist file read (2)
- AppleKeyboardLayouts info plist opened (1)
- Random device file read (3)
- Log file created (1)
- CodeSign Info (1)
- Sysctl read request (4)
- Sysctl requested (3)
- System or server version plist file read (2)
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Invalid Code Signature | OS Credential Dumping | 51 System Information Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 2 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Code Signing | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Hidden Files and Directories | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
etappservices.appspot.com | 142.250.186.148 | true | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
88.221.168.210 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
142.250.186.148 | etappservices.appspot.com | United States | 15169 | GOOGLEUS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
88.221.168.210 | 19 associated samples (names not preserved) | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AKAMAI-ASUS | 20 associated samples (names not preserved) | | malicious | | |
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 2330 |
Entropy (8bit): | 4.226110881195929 |
Encrypted: | false |
SSDEEP: | 24:VmPpK43I2o4mBVLMKML0Op6ZoStz3BtV6tL:VmxrI77BVAlL0Op6Z/tXVGL |
MD5: | 9FA50D77023B581571559014E07D0ECF |
SHA1: | 4D82EA3E2395C964A1B0F1959F935F3D14F4A6D5 |
SHA-256: | 6AB1E0EB70B3EF28A355872C03598DA925D33DF3B3DCCFF051058DDC4417EC15 |
SHA-512: | 143DCF274CA740D7BA929E737FC3DE8D8DD75DFB22B5A1EDF9EF8186531F5F9BD77C25DB00DFC2697D5F79B415D1FE6C8050FB243089115A2D1CE1FFDF957871 |
Malicious: | false |
Reputation: | low |
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 1554 |
Entropy (8bit): | 5.387669698088783 |
Encrypted: | false |
SSDEEP: | 24:CFLymPp4u3I0bi4mYisiLMnAiL0NWpknUKz3BtV6txV+6Ac:CBymx4iICi7YisiAAiL0Qpu7XVGxI4 |
MD5: | CCFCB0B67D8546EE6284AA9FCD6BB116 |
SHA1: | AB0F40DFDE13EAA0626F05D60336F3D13A121B79 |
SHA-256: | 98061827B4A4B51922A620D0BCD46CDFDDDD3CC83BC0C98DB8B9A05FD13063B9 |
SHA-512: | 7B589A9FF4F442CC1A6802A3A7CC96C781AB91DC2ABDAA9D6B5013BD471C16235B9F2A415032FDD623BAE8F875EA7A3C18B01F98E03D78C3109C6FF2C7CBA132 |
Malicious: | false |
Reputation: | low |
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 7DEA362B3FAC8E00956A4952A3D4F474 |
SHA1: | 05FE405753166F125559E7C9AC558654F107C7E9 |
SHA-256: | AF5570F5A1810B7AF78CAF4BC70A660F0DF51E42BAF91D4DE5B2328DE0E83DFC |
SHA-512: | 1B7409CCF0D5A34D3A77EAABFA9FE27427655BE9297127EE9522AA1BF4046D4F945983678169CB1A7348EDCAC47EF0D9E2C924130E5BCC5F0D94937852C42F1B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10219926841058769522.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 135 |
Entropy (8bit): | 6.0085163543859865 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlmqQyYs3zkHc3YiT6+BYyJ1xi7yRDoRe:NluXDjAqes36cf+nyJ1xBmRe |
MD5: | 973E211C65BC4D1B913ABE1EFC0FDA87 |
SHA1: | 85855CE98B94F4CD0E341F1161435C23CFB11FE4 |
SHA-256: | 9C28AE36A99253ACFF1B773C167CB37F86B7FB1C3F7EA336A564283046A49F77 |
SHA-512: | 15710F614E5971B8D40050C2E7A192D95197B984BAECCCC7F90877C0C130E6F00A2057938458ADB458562DD0B0645C7E54C5C232F1C833FAE9BCB4C94AAA5B77 |
Malicious: | false |
Reputation: | low |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10224466244630806701.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 110 |
Entropy (8bit): | 5.681584392961769 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlZlseyZBcwyE2iUB:NluXDjKey/cV |
MD5: | C5B6E97C0A3AD985FAFB4100B3EC7A48 |
SHA1: | F19A7053B2CFB1694542F400ADB39DA6D03B1D76 |
SHA-256: | D256F259A88CCCF3477DB914BC5481CF30448F5F14AF72E98341576985EF46F8 |
SHA-512: | A65DBE271F1EBF5838A8F6DD747224BA37D0002FB9AE71B0E25A0B5F5E11637E93396E2CD6AFE25703939A0D05CD7A43EBE4C3983868980B2EFCE2A37EF084AF |
Malicious: | false |
Reputation: | low |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10459773673903316017.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 167 |
Entropy (8bit): | 6.311163868825322 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlGKqJBc5UH6gqjCK7KdSttZ3x0Q2aBd3bsCngPSdfk/:NluXDjgKCBIUFukStt8ZGbsCgqdfk/ |
MD5: | 52FD36B0B8FAE96A602EDD5AD182BF75 |
SHA1: | 54DF664F7CDFDF7B33845031699081467907C764 |
SHA-256: | 0A7393EF1EE4F2969915BAD38B35BDD71980109CA59D835278EA992E8246EFAC |
SHA-512: | 685D77F91BBADC9305FB1E7F0AECEF3E7795CA81F4640E895C5E89125A039411C4E2F4989006613FE5BE9E7F497641C5F5D6D7CE8C1E551013D039CBA649A416 |
Malicious: | false |
Reputation: | low |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio12938241649503612607.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 93 |
Entropy (8bit): | 5.302865421194932 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlo5qQqUVMMl+0lfCW:NluXDjC5q/UPlL0W |
MD5: | 72A7DEDE3D9214D98194E3BB75EB1972 |
SHA1: | 5C0E9CEBBD0CCC42D1E618B47A65E278A2A4911C |
SHA-256: | 4F03A03AA0105A88ABD446FB27908787E9B4DC10E7BA6BF7D45BDA8F04E6DF3D |
SHA-512: | B9D6EEF8935E6D2F61E7CC133F195AABBE01915CD49334345ED996EC5D8C9CAECCF7288E4EA57EF09120BFE32BD45A7B182F89F4BEC9D1F9460B0E08254ECD96 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio13412971084950237612.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 110 |
Entropy (8bit): | 5.396780054217408 |
Encrypted: | false |
SSDEEP: | 3:Csl8pRD/wlHrvlReIqGDSEJVhdJVEP1H+m/:Nl8jDoqULVXJuP1H+W |
MD5: | EC99D36A8AC6C648CDABCA70F6A0BC83 |
SHA1: | 4093B2B4CE08F507935169D822AC02E555CDFADA |
SHA-256: | B1B49DECEF7F459CEEAC2D815AFEDF00FF69D2BB31128613A06784AB9BFA0223 |
SHA-512: | 37F3DE63B3D3DA9D6336EE877019CE4D70AA8ADF9C8032446D046343D655F77E007DDE50F73335A4A0E20A6A9908456E7FDC9E867ED387F48C1DDD08AC8BDBEC |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio13578127288510142521.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 196 |
Entropy (8bit): | 6.585002497773357 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlR53uqJBc5UH6gqKo4//CO711ENtlEpeQF9xLAHnhWXNtG8ll:NluXDjfBIUFM4/6BEcQF9t2AXW8/ |
MD5: | ED53FC949DDBDF4EADEFD9A87104122D |
SHA1: | A0FB5F4CE1B159F2E989E7A3A6AE4B987BADAB7C |
SHA-256: | 1A7A76248AC7BB85BEF027B04FFA97190D51B0050D34CEA4AACD8EB15DC59A03 |
SHA-512: | 9F4E92F051522879AE897AB9C8C18870FC85B1753D2DFF8104E65270EE12148B1146B33516A2263FA662B5F02A78405AF8AB0690E574713FFAD18FFD34BDCC55 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio16244522733088286171.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 126 |
Entropy (8bit): | 5.960786272431544 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlpqQqkDlcdoAsmrkhDAXIi224n:NluXDjOQqkDl6oAsmrka8/n |
MD5: | 642565FBC584D7DFD1F3C07A960C13B8 |
SHA1: | EFEC89BEE218E73EAC3601BBD158DC890B5E4CCE |
SHA-256: | C8661EA4C44231232A9AABE491D76E372C55EE508917199A34E25A1EB70B0B84 |
SHA-512: | FD5D39A2CC4F9DC831AE99689B7BFAA1C1B6DE216D1A6CE8F593E7651E921CDE232D14F09F97015E07B6D4DC420BBE4FD20EDFE696A81AC965C94B187090BA5F |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2086714674483719818.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 110 |
Entropy (8bit): | 5.433143690581044 |
Encrypted: | false |
SSDEEP: | 3:Csl8pRD/wlHrvlReIqGDKH0/NFjUPRvepSh2YhPjZn:Nl8jDoqU20FiepSXV |
MD5: | A218D502A65437F5EC01AB4C53ABA21B |
SHA1: | 657E1A7B42BCE3E7686B7352A3D910B10AC07C5E |
SHA-256: | 9A1563B281587FA7C3521F2EDE91C3B1F3EED931A5002855E660A1F7B1F5A306 |
SHA-512: | DF1EBC9906E7FFED8F31893822CBAEFD633DE09B1E3275FEAEAEE8A4F28AB5AB674E3FA3E7169A15F341EA148D4E493D20C5C02B4E6481D01F693319B67191AE |
Malicious: | false |
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 119 |
Entropy (8bit): | 5.5997507981039 |
Encrypted: | false |
SSDEEP: | 3:CslDae/XExlHrvleeI9a1dFrOdrGuYtObjQF9UHOdn:NlnUgm0dauYt0jQXUHOdn |
MD5: | 00913B549FE9528B8AF912CC7A0603D3 |
SHA1: | 9E8782B0C01DCD65DBB7D2D52257683970F7ED2A |
SHA-256: | DCB1E08CD60160E62454FFEB9F3B034B907EF941DF20E281F2D3CE628E8713DA |
SHA-512: | AA80B5AAF6C349EC8329A75369B3C39AD2F793EA0CCA222DD6D36D277C3E1C41587FB819D32C7C0FC447FC3406D537D88A3BD2C44E0FFC5A2019E58F025F818C |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2223170928174613939.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 114 |
Entropy (8bit): | 5.485945277378447 |
Encrypted: | false |
SSDEEP: | 3:Csl8pRD/wlHrvl4WDthSBS9//J/OOabbtP8k:Nl8jDgt5nJGOa/D |
MD5: | 80A2A9FD43C81D00DABE8940739A09F9 |
SHA1: | 872F19AB0D529168BA418AF53548AE87688FBD83 |
SHA-256: | 80573875DA6572ABB6B35B943FB9442F52B1DFBFD7C7926EB0FA064349DA0E06 |
SHA-512: | D4A944BC422B536CCA4C84C0F5072739E07F1D85CDFB9A5BDB2ECC7BC58728400641694130686BF702963884948D6F8AB4D09A1FD8C0954A705431D9149D03EF |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2999633974807869622.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 95 |
Entropy (8bit): | 5.372695895024822 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXl2zh+Joi4Cv9nn:NluXDjczgoin |
MD5: | 41C538A5777BB007FF524FBB082EB7EA |
SHA1: | B43180E06FFA68DA5F18C4F7106FE33B58D6CF8B |
SHA-256: | 18100D5483B6FF5FEDB9780C250F4C1E70E527DCF4CC8C99BB6EDD54DCA0F405 |
SHA-512: | 0BEE24FE8D0E221729A695E3C557C3F272A37747E12516ADBE7145BE108DCF67C0CE20812C08BA5E218D853EA6A5DF277E4094D40D129D76D99551316B81358E |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio3815422977875359551.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 111 |
Entropy (8bit): | 5.7238475101629165 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXluqQVJHtr37neui5mUrH1tc6w:NluXDjYq8JZ3DeRjDc6w |
MD5: | CD1A29180A36D5315309DADE8891D7B1 |
SHA1: | EAB2138F9175211C6353224FFBBA28844CE7F38A |
SHA-256: | E6C935C003CA1699B633A91427CA83F35B356E9F10414B2ED52899F53BAA958C |
SHA-512: | BC58C66A96FCEB04D66EC05CB2D5A1A77B96E650A1CAB81C312F8180E89E0302F8E1FE69FB8043C6E66B385F5AB2A41A49882DCF7BF8B4D6E5F388368439D444 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio5224863052943678154.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 96 |
Entropy (8bit): | 5.4498032792428415 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXl11uEYJTLZv15hH0RZ:NluXDjbATL5+RZ |
MD5: | 08C476ADA11D963F548AD67EB0932645 |
SHA1: | B1B7447B421106F8E9DD3D9A2A557DF3B4D426FA |
SHA-256: | 2DC300157DC87449F8B2853350C0BA0342ACD883105D2F835A3D0D7EB7E23F17 |
SHA-512: | 38C1B8483E70CD2F9536EEB9FC7CA270A5A3806D4C6979631402693AD0D49AD1606B4844C1F0A2CF900A3ED3F89EDF851EFB2CB98FDAA67E2FD012A42FDD11F6 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio5352537162059109128.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 143 |
Entropy (8bit): | 6.08215826783237 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlGJ57nRl1LcqEewzDTPW+blOUTcSjT5Dl:NluXDjw37nRzL3KPWklO9+5 |
MD5: | 1CE83B1F6B8C7D440F51FCD01C50F0EF |
SHA1: | C78A3F9C36880ECD6DDA0B620342FD881309BAA6 |
SHA-256: | ECDE79A8A92EEE2026999F4ABBD55C9785DA57809A7CDE42EBC810E645AD3BBD |
SHA-512: | 679F36998223A927B69730D1EB9FA9C56F7C66786AC1280955B67C0E4D211740CE88A8FC986B19744BE20984CB57A2A70041285FF4B4D52B42C3C370F01416FB |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6164943713436445280.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.069983861411434 |
Encrypted: | false |
SSDEEP: | 3:CMQRQ/gBEv7TTQQQKIBkta2913yf2CDDm1qslylBxlVgDEsFgICoOZtLf8bF:/QugaTcwICzyf2AKx0saIyTLEbF |
MD5: | 5500729E3245B4BC78ADDFA79EF43984 |
SHA1: | 7F8E755B3D26D0100F3DD2057EDDFD02FB97C7D9 |
SHA-256: | BC288BD31CE5BD2013AD7FE24933EA69044BF94FCDED6010977FBF0566E2A922 |
SHA-512: | F25BA74A229CC0CBA0A75A96DB9E40F1CB98F1AF42CDA9EB2C1D2C5B5301F6D42D61A878E1A4BE7ACBA731AC5F4529FF4D245FF54A9E61340C242CA367A0F061 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6359674507834563537.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 120 |
Entropy (8bit): | 5.833281532802035 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlrqQEV3t3J+wH075Enl:NluXDj0Qut5zHA5Q |
MD5: | A05F262CB23CFF803A0E7BDD235B819B |
SHA1: | 4E5E292C1ACAB061A628157D01025BD0C69E52C8 |
SHA-256: | A4858E4EE4C3EAE37C797603CBE4177576EDBDDA1486FA6FF56EABBC08825F1C |
SHA-512: | 6CF7C37EED4D3FC4CF26B86BCAA370427635EA4FB5CC9B800454901C4782705A087841EA22BA91FD1140582A1B05177A96BD5D492327A6B6C46F8DA405F81DF9 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6665906469700978227.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 94 |
Entropy (8bit): | 5.352724114848712 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXl30QVhAiwAmniq4UU:NluXDjuQVlwdK1 |
MD5: | 6D01A4C7AB5AC88FCF97B93217AB25D4 |
SHA1: | CD39486EC73155B3C4E1AB10B20C69262A09ECAB |
SHA-256: | 45CBC2F4469E0294737DDB777BA37C40DECAAB97161A1E421337BDB93B8EEAD6 |
SHA-512: | FF56D564A678283E973238F553576C2EF1A9C85326422EDC0673985A349A7CFAE1F604B6E7763C2202D31EF0AD6AFFF3379364DC9DBFB21CABBC2095DCB29B84 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio7103516844854627969.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 288 |
Entropy (8bit): | 5.004652300322183 |
Encrypted: | false |
SSDEEP: | 3:CMQRZhqE1r/JvSXhhmmyKLFERrQ//35AsOaRH21LylUrtuvExx09zqGkDg8jg3it:/QDThMxTyKOrm3q7rwvExOzqGeg4Akl |
MD5: | DBEB6AC81C07D0B4E76000859309B1E5 |
SHA1: | 69755A6C206C094E91CF5D1086B1D3BF0FC4C7C8 |
SHA-256: | 9863E46319CAD2BD1A809C7DFAB7EE0A44667B25A9389543E18F04EA894A055A |
SHA-512: | D89FF50C1528782D8CF17BEA294C7943D71FB32117B553DAE3349EADFFF7B784DC9B1A39ABEE39DDC3264E3756953B34DF35F0955026C7D20454E99EC68B6687 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio7212544972120051578.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 149 |
Entropy (8bit): | 6.200845213320675 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXl7MuIZPZwLfACCGH1hbGUXTpDQNLDO9Nvn:NluXDjJM5PZwJV1hxanOvP |
MD5: | 0F8E2C9B6E60429824D76F1D08F56EB0 |
SHA1: | 9B3372A501E04CC847ACB4A0A56FB14F0E27A414 |
SHA-256: | 671F63EB768753D4CC6F92F0C1C7405F7998337CD7D5605946C7852EAE06328F |
SHA-512: | C58038EA614456EFE94D67C92BBE0F523D769518C9B2DFDFDE65204D7A77942723BED03CECEB9E2AC2FD364DE3774DC9976F12665FFE2DBB40A5BB3597C64F4C |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio9716126586112586483.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 124 |
Entropy (8bit): | 5.837381308239729 |
Encrypted: | false |
SSDEEP: | 3:CslDa3X/7/xlXlPnSnBZ+DIbHgnekrK4r3YZ97dXGyul:NluXDj5XD8HgekZroDwH |
MD5: | E76C48F0DB9AF83B03C31A5C074F0BE4 |
SHA1: | C3EB6C0B650386AC38716B1F41C48556B4D49855 |
SHA-256: | DCE5C691E91E35286CB27DA1C7BBA3938162184E743A1D6F1BC8EB3B1D925830 |
SHA-512: | B2F2B1256EB882C9586126F34B6645832C967A7505DF0BE347CD1252DF8DFC677096149C398CB8690449E29769C83A078C25808B9C8FF1C10273AE1DCF454976 |
Malicious: | false |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio9745765645810963695.tmp
Process: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File Type: | |
Category: | dropped |
Size (bytes): | 184 |
Entropy (8bit): | 5.752289627872439 |
Encrypted: | false |
SSDEEP: | 3:CMJoabQKtnnn8/bGPssFC3hhl8OEJ5trylsxlGqD1H6qX+r203OX8N1l:/m2QuABWCHuOE7tzjGqxas+r3Oyl |
MD5: | 6A3211DBC3E2ABB4208D58DDBAE780BB |
SHA1: | 74D6839C87CEE7D906FA9EAEF2A63FCDC8C24544 |
SHA-256: | 7997AFB7530BD0CAB7D3677EE9F9FC9F1959E9246953896B3A4A235D76FA8128 |
SHA-512: | 36175E16E4A7B6837A5AA5A4519E44DD829C8C5723E73B234DCCA4472060FAFC4B2943FF786FFCC9EE84CE591FDC23DE4EED17999708ADE08E0084DB034DFDD4 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.999679567252431 |
File name: | pwm_3.3.1.1_x86-64.dmg |
File size: | 72184045 |
MD5: | 26e236876eb64279f77d118fbac3f06d |
SHA1: | 5519ff231aedc7394c5dd350b0b6058f253874c7 |
SHA256: | bd03a05dc21fa6ed0a3b35165df535896966f0f28279e07e7934d5e9e9ade8d8 |
SHA512: | ea476aa68f49632f0a4457b98549b9dbd881d1bc4d720c52734aaf6698176e1bc41f0b253808ee9a698900ae2b4cda07b135fefc9811bc223a3aea031ecd6fb3 |
SSDEEP: | 1572864:7WAzO9n33sgIqk/kMl8TtlO1N2o/32H2avNZggwVJsYXZUk:KAIn33E/cMYQ1Mo/zavMHVJ9XZU |
TLSH: | 39F7337DA299A801CD958375E3DF1A264D110F73D5CAB98F167C3633A2F4279202AB37 |
File Content Preview: | BZh11AY&SY.z.V...F .......@.. .1...i...j:\.....N.$(....BZh11AY&SY+/.\.......P.@....BH....... .@... .u.=SA.....i...R..M.4....\g...(.^.d].\.*.....A..B.H.0H+........=.4C.....~.I...A...R.W...)...Y}j.BZh91AY&SY............x.Ib0.@P....@@...!.(..H.$..BL...*.j... |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 24, 2022 01:27:06.156575918 CET | 49293 | 80 | 192.168.11.11 | 17.253.15.202 |
Nov 24, 2022 01:27:06.156810045 CET | 49294 | 80 | 192.168.11.11 | 88.221.168.210 |
Nov 24, 2022 01:27:06.164822102 CET | 80 | 49293 | 17.253.15.202 | 192.168.11.11 |
Nov 24, 2022 01:27:06.165782928 CET | 49293 | 80 | 192.168.11.11 | 17.253.15.202 |
Nov 24, 2022 01:27:06.168482065 CET | 80 | 49294 | 88.221.168.210 | 192.168.11.11 |
Nov 24, 2022 01:27:06.169320107 CET | 49294 | 80 | 192.168.11.11 | 88.221.168.210 |
Nov 24, 2022 01:28:06.725526094 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148 |
Nov 24, 2022 01:28:06.734603882 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11 |
Nov 24, 2022 01:28:06.735496998 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148 |
Nov 24, 2022 01:28:06.741548061 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148 |
Nov 24, 2022 01:28:06.750729084 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11 |
Nov 24, 2022 01:28:07.078432083 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11 |
Nov 24, 2022 01:28:07.079191923 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148 |
Nov 24, 2022 01:28:07.146462917 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148 |
Nov 24, 2022 01:28:07.157661915 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11 |
Nov 24, 2022 01:28:07.158380985 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 24, 2022 01:27:25.382214069 CET | 137 | 137 | 192.168.11.11 | 192.168.11.255 |
Nov 24, 2022 01:27:26.840518951 CET | 137 | 137 | 192.168.11.11 | 192.168.11.255 |
Nov 24, 2022 01:27:26.841058016 CET | 137 | 137 | 192.168.11.11 | 192.168.11.255 |
Nov 24, 2022 01:28:03.787105083 CET | 53 | 60657 | 1.1.1.1 | 192.168.11.11 |
Nov 24, 2022 01:28:06.687371016 CET | 55647 | 53 | 192.168.11.11 | 1.1.1.1 |
Nov 24, 2022 01:28:06.687822104 CET | 51581 | 53 | 192.168.11.11 | 1.1.1.1 |
Nov 24, 2022 01:28:06.711705923 CET | 53 | 55647 | 1.1.1.1 | 192.168.11.11 |
Nov 24, 2022 01:28:06.711785078 CET | 53 | 51581 | 1.1.1.1 | 192.168.11.11 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Nov 24, 2022 01:28:03.790575027 CET | 192.168.11.11 | 1.1.1.1 | f6c | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 24, 2022 01:28:06.687371016 CET | 192.168.11.11 | 1.1.1.1 | 0xbb2b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 01:28:06.687822104 CET | 192.168.11.11 | 1.1.1.1 | 0x3951 | Standard query (0) | | 28 (AAAA) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 24, 2022 01:28:06.711705923 CET | 1.1.1.1 | 192.168.11.11 | 0xbb2b | No error (0) | | | 142.250.186.148 | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 01:28:06.711785078 CET | 1.1.1.1 | 192.168.11.11 | 0x3951 | No error (0) | | | | 28 (AAAA) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.11.11 | 49302 | 142.250.186.148 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 24, 2022 01:28:06.741548061 CET | 2 | OUT | |
Nov 24, 2022 01:28:07.078432083 CET | 2 | IN |
System Behavior
Start time: | 01:28:01 |
Start date: | 24/11/2022 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | n/a |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |
Start time: | 01:28:01 |
Start date: | 24/11/2022 |
Path: | /usr/bin/open |
Arguments: | |
File size: | 105952 bytes |
MD5 hash: | 40ed6d8f35c9f20484b97582d296398f |
Start time: | 01:28:01 |
Start date: | 24/11/2022 |
Path: | /usr/libexec/xpcproxy |
Arguments: | n/a |
File size: | 43488 bytes |
MD5 hash: | d1bb9a4899f0af921e8188218b20d744 |
Start time: | 01:28:01 |
Start date: | 24/11/2022 |
Path: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
Arguments: | /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder |
File size: | 160464 bytes |
MD5 hash: | 98e481ba3862913413a1ac1b7c00b45c |