2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

Analysis

max time kernel
93s
max time network
94s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
19-01-2023 15:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

eicar.com
Size

68B
MD5

44d88612fea8a8f36de82e1278abb02f
SHA1

3395856ce81f2b7382dee72602f798b642f14140
SHA256

275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
SHA512

cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab

Score

1^/10

Malware Config

Signatures

/usr/libexec/xpcproxy
xpcproxy com.apple.speech.speechdatainstallerd
1⤵
PID:486

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkreporter
1⤵
PID:487

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
1⤵
PID:486

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:487

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
1⤵
PID:485

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:488

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:489

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:490

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/eicar.com\""
1⤵
PID:492

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/eicar.com\""
1⤵
PID:492

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/eicar.com\""
1⤵
PID:492

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/eicar.com
1⤵
PID:492

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/eicar.com
1⤵
PID:492
- /bin/zsh
  /bin/zsh -c /Users/run/eicar.com
  2⤵
  PID:496
- /bin/zsh
  /bin/zsh -c /Users/run/eicar.com
  2⤵
  PID:496
- /Users/run/eicar.com
  /Users/run/eicar.com
  2⤵
  PID:496
- /Users/run/eicar.com
  /Users/run/eicar.com
  2⤵
  PID:496
- /bin/sh
  sh /Users/run/eicar.com
  2⤵
  PID:496
- /bin/sh
  sh /Users/run/eicar.com
  2⤵
  PID:496
- /bin/bash
  sh /Users/run/eicar.com
  2⤵
  PID:496
- /bin/bash
  sh /Users/run/eicar.com
  2⤵
  PID:496

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:529

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:530

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.47378B2F-24F6-446E-AE50-DCBD7A0D89A1 529
1⤵
PID:531

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:536

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.7CC94706-23A1-49A2-A74F-BD67DB2A18F7 529
1⤵
PID:537

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.PackageKit.InstallStatus
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.warmd_agent
1⤵
PID:544

/usr/libexec/warmd_agent
/usr/libexec/warmd_agent
1⤵
PID:544

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.passd
1⤵
PID:545

/System/Library/PrivateFrameworks/PassKitCore.framework/passd
/System/Library/PrivateFrameworks/PassKitCore.framework/passd
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.ViewBridgeAuxiliary
1⤵
PID:546

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.sessionlogoutd
1⤵
PID:547

/System/Library/CoreServices/sessionlogoutd
/System/Library/CoreServices/sessionlogoutd
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:548

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:548

/sbin/shutdown
/sbin/shutdown -h now
1⤵
PID:0
- /bin/sh
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:550
- /bin/bash
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:550
- /bin/bash
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:550
- /usr/bin/wall
  /usr/bin/wall -n
  2⤵
  PID:550
- /usr/bin/wall
  /usr/bin/wall -n
  2⤵
  PID:550
- /System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose
  iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin
  2⤵
  PID:0
- - /usr/sbin/spindump
    spindump -shutdownstall 2 -timelimit 5
    3⤵
    PID:552
- - /bin/sh
    sh -c /usr/sbin/kextstat
    3⤵
    PID:553
- - /bin/bash
    sh -c /usr/sbin/kextstat
    3⤵
    PID:553
- - /bin/bash
    sh -c /usr/sbin/kextstat
    3⤵
    PID:553
- - /usr/sbin/kextstat
    /usr/sbin/kextstat
    3⤵
    PID:553
- - /usr/sbin/kextstat
    /usr/sbin/kextstat
    3⤵
    PID:553
- - /bin/bash
    bash /private/var/install/shutdown_installer_tasks
    3⤵
    PID:554
- - /bin/bash
    bash /private/var/install/deferred_install
    3⤵
    PID:555

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Logs/DiagnosticReports/shutdown_stall_2023-01-19-163732_tests-iMac.shutdownStall

Filesize
164KB

MD5
8e602af66da263771d277da8d7e5d58a

SHA1
eb96a0fbc890c965b9e8c2660030d9815dbd1403

SHA256
b064f5ef7f7236486020533a4b2ed1cb85096e4c111ceaa5458fa5779be59ca9

SHA512
0338be58ecb69f7706ae752bc61fa956d4f5a305b24004cbca6baae937d38e9b3a3d00f19386c3e3f4bb2f4a905e25e8557a9467f807afaf2aefa6b0c50f7cca

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/AutoFillQuirks.plist

Filesize
37KB

MD5
99924a9651f7ae78a8f350e52a71fc22

SHA1
0f00503f2aa7af9740458c65c9a93a8f1a99e3d5

SHA256
ed9799efe4f7983ebdcc01eee8dd8f7aaf3688a0a4ec4874c32820261d632716

SHA512
51742066fc57f1df9814914abccb61501dd25d4f2413d5891c151f879fe5f351986319d3b1741532ef58f8a6e63decf9c935b19b6e1598909e8df83f4c76f60e

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist

Filesize
1012B

MD5
0c29425555c7ff0ca114b1fd0dc39c50

SHA1
d7d808e8be92462f4c3ceba66734f0e9bb26acdd

SHA256
52826afeec974bb7bacb85bdc01dc4f23bf917d65e04773d7cad393f7866f3fd

SHA512
d9c8364a85f4b4a96caac1409f32f9d6b2f8ae19201e0abd2d449a3eedadd471e99e44bc92deb5d8fb60287da64a88e61b45f759e7b9a383a9bbe5f5fd242f95

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist

Filesize
2KB

MD5
99707b6e8b1daa434de2a176a458f85c

SHA1
96324f62483dd7ac8683d1850d694bb900eb3419

SHA256
f282d8a52bfdcd208792a47c074e59a1e16d627d53094e11fc73e595aec7ddad

SHA512
e8018018f91a5ce5c418f5c6445dc11a44b40aa6f619958d496b18507b3fe309415bf9ab293e9c7c0b3e4ba109213d0216d39c0304a7bc3cce301db0a729430c

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist

Filesize
1KB

MD5
ed2fa8bf3f40255eb2fe178070ca4452

SHA1
7a5ecfcf5d1d97d0dad72e2c46bdbfb6d625585b

SHA256
3df15fe5ea424819e7ab82e444e1fb5f95df125b15eceaa52159934a3b49068c

SHA512
0fd0eddd943fc88979b0aa50eadd7078e8d30a6a4f29ad21c6961f2660451715ac9b6b697dcd74ed7718d33732fa283914467a4339a22547529b9aecec7feef9

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist

Filesize
85B

MD5
030dc7964c8bc308933ba27e5875cadc

SHA1
a7a9f3a1c10e8f7ff5a8a5af6e56713dc2abc2ab

SHA256
c8d209beda6ffb4097775869422437378395cfb4a78e983835cb5a761a690c76

SHA512
c8827eb8337794a078c882aa7d91f0d7f27fc6557fd180f05862bd8a30f4e70d2fde35c868847c7f426da4a6bb324217385fcc7106697da0923b9e6b3c2e9c65

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist

Filesize
76B

MD5
cdc65b5f112547eafae0f16f9c149426

SHA1
aeaf9908a5b6ff3e2f7b738abf5fe9e79108ba01

SHA256
1c6d085d871a855ce4a3902bab4b9b92631b8ee8f0b7f6536768a2aaf427b45c

SHA512
e8b0e4ce6a760a718a19976d3cfe9063f04fb4bf179947aeca84e94c83f21459fb9dc0ffabea8f633bd2d0ba94fe1e15d8c97e9604fde8bd0dea961eb83bddb7

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/RecentlyClosedTabs.plist

Filesize
7KB

MD5
0c6a3f27c3bf72be04abff9a160d32a6

SHA1
ea6857f274d90583f119e44efa032f02ca59c91e

SHA256
bcec60fe21c44505f50dcf56a0000c2a6b02aa31596a0ec0049433ad0fcf6637

SHA512
edb974649f00c39d59bf3213f541981d3b0ebba063e6b0fa09f48f679435a1a9714a683807a200aa5511ce252d217b2f169e920e850bb82942e877d21708abd6

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.passd/TemporaryItems/(A Document Being Saved By passd)/cache.plist

Filesize
488B

MD5
983afa02ac9bd03474cbd0754dfec41e

SHA1
696bf72962cb4a3f8872e4cca621f08657986dcb

SHA256
6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8

SHA512
398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.passd/TemporaryItems/(A Document Being Saved By passd)/cache.plist

Filesize
488B

MD5
983afa02ac9bd03474cbd0754dfec41e

SHA1
696bf72962cb4a3f8872e4cca621f08657986dcb

SHA256
6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8

SHA512
398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.passd/TemporaryItems/(A Document Being Saved By passd)/cache.plist

Filesize
488B

MD5
983afa02ac9bd03474cbd0754dfec41e

SHA1
696bf72962cb4a3f8872e4cca621f08657986dcb

SHA256
6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8

SHA512
398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.passd/TemporaryItems/(A Document Being Saved By passd)/cache.plist

Filesize
488B

MD5
983afa02ac9bd03474cbd0754dfec41e

SHA1
696bf72962cb4a3f8872e4cca621f08657986dcb

SHA256
6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8

SHA512
398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.passd/TemporaryItems/(A Document Being Saved By passd)/cache.plist

Filesize
488B

MD5
983afa02ac9bd03474cbd0754dfec41e

SHA1
696bf72962cb4a3f8872e4cca621f08657986dcb

SHA256
6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8

SHA512
398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.passd/TemporaryItems/(A Document Being Saved By passd)/cache.plist

Filesize
488B

MD5
983afa02ac9bd03474cbd0754dfec41e

SHA1
696bf72962cb4a3f8872e4cca621f08657986dcb

SHA256
6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8

SHA512
398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/spindump.txt

Filesize
132KB

MD5
3c23fa80e7fed413d8a14828be90ec59

SHA1
911cefa304b0d8d200ee03de9466b7eae2951629

SHA256
af07c66e1690f9241c58beb1d59cd134ea48b5adcd2c16686329ed7930739712

SHA512
bcba4bdc38126450c2919e056426324f8bff14a09a1da48c3fd4cab0cd04fb78e0d85682c9102c9be398cee07ceb099afe4e67a1f714ad093a85ef536b6ceb7d

Download Submit
/private/var/run/utmpx

Filesize
3KB

MD5
f0ed4f7191137c9c0c82945a4c69fbc9

SHA1
75bad8a39ec80062b7c341a8ed5e067e2fd18063

SHA256
929983f3cc9805f2552d9d12d6fa0fe146bb9e1584faff506504d47fccd51390

SHA512
1c9bdf19192781afb89e098b675325478a798554badc6c2094d10afc0a72a54e2de0b39f017827a7edb5863bfaade4cacc6243d63e113edabf64bd3e47eb0a01

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads