cce3f67e7567f7110100b796db9211dcf5d1ea53e2b35e435b5300b3562feae1

Analysis

max time kernel
123s
max time network
141s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
07/01/2023, 16:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OSX.macsecurity
Size

122KB
MD5

c0f9d673da88d1c38d6d9141f6dffe5a
SHA1

a5c7db230b39cc523ff3aa136d7e67580a61f3a2
SHA256

cce3f67e7567f7110100b796db9211dcf5d1ea53e2b35e435b5300b3562feae1
SHA512

2e97d2241ec8eb1a537d59c14da7050a06d19e76da2bdd83596c22da233134c1d65347b4bc21083fde073f679f11030a3a30be0a03273adcbc17ddf3d3a67891
SSDEEP

3072:zoYEgdNJbIwSSBNMHBTnR6IGREQuWbl3OTesDuqJMWtsL+JKitAiwGIbP6CJXYAO:GDuqJDtsL+JKiqiwGIbP6CJXYARJGRJR

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:495

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:497

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/OSX.macsecurity\""
1⤵
PID:499

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/OSX.macsecurity\""
1⤵
PID:499

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/OSX.macsecurity\""
1⤵
PID:499

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/OSX.macsecurity
1⤵
PID:499

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/OSX.macsecurity
1⤵
PID:499
- /bin/zsh
  /bin/zsh -c /Users/run/OSX.macsecurity
  2⤵
  PID:502
- /bin/zsh
  /bin/zsh -c /Users/run/OSX.macsecurity
  2⤵
  PID:502
- /Users/run/OSX.macsecurity
  /Users/run/OSX.macsecurity
  2⤵
  PID:502
- /Users/run/OSX.macsecurity
  /Users/run/OSX.macsecurity
  2⤵
  PID:502
- /bin/sh
  sh /Users/run/OSX.macsecurity
  2⤵
  PID:502
- /bin/sh
  sh /Users/run/OSX.macsecurity
  2⤵
  PID:502
- /bin/bash
  sh /Users/run/OSX.macsecurity
  2⤵
  PID:502
- /bin/bash
  sh /Users/run/OSX.macsecurity
  2⤵
  PID:502

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:525

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:526

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.4377A8A1-1C1B-4715-AE25-E45432CC8EFD 525
1⤵
PID:528

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:533

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.3597472F-98F4-4D80-90AA-A04EABE72A1D 525
1⤵
PID:534

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:534

/usr/local/bin/run
run
1⤵
PID:547

/usr/local/bin/run
run
1⤵
PID:547

/usr/bin/run
run
1⤵
PID:547

/usr/bin/run
run
1⤵
PID:547

/bin/run
run
1⤵
PID:547

/bin/run
run
1⤵
PID:547

/usr/sbin/run
run
1⤵
PID:547

/usr/sbin/run
run
1⤵
PID:547

/sbin/run
run
1⤵
PID:547

/sbin/run
run
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.PackageKit.InstallStatus
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy com.apple.warmd_agent
1⤵
PID:550

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"
1⤵
PID:549

/usr/libexec/warmd_agent
/usr/libexec/warmd_agent
1⤵
PID:550

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Containers/com.apple.Safari/Data/Library/Saved Application State/com.apple.Safari.savedState/data.data

Filesize
4KB

MD5
8fc2fc0c4feeff31dee46c22e8f8b963

SHA1
bcf0dbf5c1baec49eb815628fd2cae0467349357

SHA256
c9093f617d4aeda5ec1c124718a36a3863d3670ccf17684f32f994e15dc4c429

SHA512
494516500fd7727bf38d0ebd2e7f97dcb700e778b2629e21506f016ce04c04368880eb0e71c40a81bf4380fb3e636899eb0b1eb8dd41cca6788c6a6c6dda8570

Download Submit
/Users/run/Library/Containers/com.apple.Safari/Data/Library/Saved Application State/com.apple.Safari.savedState/data.data

Filesize
4KB

MD5
8fc2fc0c4feeff31dee46c22e8f8b963

SHA1
bcf0dbf5c1baec49eb815628fd2cae0467349357

SHA256
c9093f617d4aeda5ec1c124718a36a3863d3670ccf17684f32f994e15dc4c429

SHA512
494516500fd7727bf38d0ebd2e7f97dcb700e778b2629e21506f016ce04c04368880eb0e71c40a81bf4380fb3e636899eb0b1eb8dd41cca6788c6a6c6dda8570

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari 2)/LastSession.plist

Filesize
85B

MD5
030dc7964c8bc308933ba27e5875cadc

SHA1
a7a9f3a1c10e8f7ff5a8a5af6e56713dc2abc2ab

SHA256
c8d209beda6ffb4097775869422437378395cfb4a78e983835cb5a761a690c76

SHA512
c8827eb8337794a078c882aa7d91f0d7f27fc6557fd180f05862bd8a30f4e70d2fde35c868847c7f426da4a6bb324217385fcc7106697da0923b9e6b3c2e9c65

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari 3)/PerSiteZoomPreferences.plist

Filesize
111B

MD5
a52ea796c85c81502845c14bbf6a934c

SHA1
2188e8aa5c6f49df71545ae776286fb50398f2ec

SHA256
f2904d42e87c5b100913976c76e123252c8889996a561b5bff32aaf49e3b4b1d

SHA512
edd17ba654e59d5eeab2534bc93c9a065fbb177ecc490c3554a9c2a2341dc7c9f275cd3567e6e46e10f53caff86fcfe8e9240f431b19e91f9083fd7621ee595d

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/AutoFillQuirks.plist

Filesize
37KB

MD5
99924a9651f7ae78a8f350e52a71fc22

SHA1
0f00503f2aa7af9740458c65c9a93a8f1a99e3d5

SHA256
ed9799efe4f7983ebdcc01eee8dd8f7aaf3688a0a4ec4874c32820261d632716

SHA512
51742066fc57f1df9814914abccb61501dd25d4f2413d5891c151f879fe5f351986319d3b1741532ef58f8a6e63decf9c935b19b6e1598909e8df83f4c76f60e

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CacheSettings.plist

Filesize
75B

MD5
be1622b61c025fd5124b52f166d2bda0

SHA1
09b1695369600fc87fa46b8f1894ada7b1671cd2

SHA256
e0e5f38a3d586bc7208b107a169cac8ff0aa511132ff8c0d143ee3ab5b098eb1

SHA512
1aa42ad9a2465a6d7856d529df0f6ec616a8c7131e51e2f7001a5c01bec47b880b762e9938fc84230887f552ec94b1408b0e1fadf9d887b6266451f733f46928

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist

Filesize
1012B

MD5
0c29425555c7ff0ca114b1fd0dc39c50

SHA1
d7d808e8be92462f4c3ceba66734f0e9bb26acdd

SHA256
52826afeec974bb7bacb85bdc01dc4f23bf917d65e04773d7cad393f7866f3fd

SHA512
d9c8364a85f4b4a96caac1409f32f9d6b2f8ae19201e0abd2d449a3eedadd471e99e44bc92deb5d8fb60287da64a88e61b45f759e7b9a383a9bbe5f5fd242f95

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist

Filesize
2KB

MD5
99707b6e8b1daa434de2a176a458f85c

SHA1
96324f62483dd7ac8683d1850d694bb900eb3419

SHA256
f282d8a52bfdcd208792a47c074e59a1e16d627d53094e11fc73e595aec7ddad

SHA512
e8018018f91a5ce5c418f5c6445dc11a44b40aa6f619958d496b18507b3fe309415bf9ab293e9c7c0b3e4ba109213d0216d39c0304a7bc3cce301db0a729430c

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist

Filesize
1KB

MD5
7eeee7939072262e8f76b9d536405d00

SHA1
e53e1423f4ef75cae7b08fb6cfef5fae97885bc4

SHA256
ab5031858ed205ffc6f89e9fb9c2283408b536c4169cce1c5ef44d9fbf670f04

SHA512
97b237ffbf7bf85f88df104e582f03d87501e9eb2d5b3a1665e09bb1a04f693277f376dfe7f79388045238d7f6889fa4e125e35f298824050b464b100827e850

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist

Filesize
85B

MD5
030dc7964c8bc308933ba27e5875cadc

SHA1
a7a9f3a1c10e8f7ff5a8a5af6e56713dc2abc2ab

SHA256
c8d209beda6ffb4097775869422437378395cfb4a78e983835cb5a761a690c76

SHA512
c8827eb8337794a078c882aa7d91f0d7f27fc6557fd180f05862bd8a30f4e70d2fde35c868847c7f426da4a6bb324217385fcc7106697da0923b9e6b3c2e9c65

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist

Filesize
76B

MD5
cdc65b5f112547eafae0f16f9c149426

SHA1
aeaf9908a5b6ff3e2f7b738abf5fe9e79108ba01

SHA256
1c6d085d871a855ce4a3902bab4b9b92631b8ee8f0b7f6536768a2aaf427b45c

SHA512
e8b0e4ce6a760a718a19976d3cfe9063f04fb4bf179947aeca84e94c83f21459fb9dc0ffabea8f633bd2d0ba94fe1e15d8c97e9604fde8bd0dea961eb83bddb7

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/TopSites.plist

Filesize
860B

MD5
ff8f7c8cb5293d52862cd9d2e0a0d9ce

SHA1
d5fc8a4abefd2943f1ff788c848f7deffb5ee245

SHA256
6eaf33d7697755ffba9ed57e98ec2a056d5761e43f68559b0c4fbf69439b4d8f

SHA512
e306ab489d803978c0fe3b93483f048a689d2395d7830d83fed8aa44dd2d362b82e79abc5f946dd1e72ae6de2c9b5e575e1f87391c0fe3910522f4587c976601

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads